Hi all, We are looking to use VCR rules to classify our vulnerabilities (platform vs application). We want to use the Common Platform Enumeration (CPE) in the VCR rule condition. The following is an example how I want to build out a VCR rule to class...
Running into an issue with ProofPoint PhishAlarm and Analyzer result enriching the SIR workflow and record. We are seeing in some situations with our config with the SIR flow design creating a PHIS with the SIR (best practice) is "too slow" and the P...
We have both application vulnerability response and Vulnerability response module being implementedat present we have two separate reports/dashboard to show AVIT and VIT statsmy question is is it possible to combine the data from AVIT and VIT tables ...
I seem to have found an issue that maybe someone can help me with. Prior to this release (16.1.1) if I had an unmatched discovered item which created a ci in either the custom tenable or Qualys tables, changing the CI lookup rule and then reapplying ...
I'm hoping to get some guidance/advice from someone who is currently using the Tenable for ITSM and Asset applications. As an organisation we do not purchase the SecOps modules in ServiceNow so cannot make use of the paid Tenable VR connector which a...
Our Infosec team has required that all admin activity that occurs in ServiceNow needs to be exported to an external syslog server. From initial review, it looked like the SecOps module included SIEM integrations. However, it appears that integration ...
Hello team. Quick (and maybe dumb!) question: I'm trying different security incident calculators here to get fields set and to get a risk score. I've changed conditions, orders, etc and nothing seems to work. On my PDI, the one that always runs is th...
Good Afternoon All,Our Security team have asked us a question about the Syslog probe (quoted below), we have reviewed the ServiceNow docs but they don't seem to specifically relate to their exact need. (We have Vulnerability Response module but not S...
Hello All, We have an Event which triggers a notification on Security Incident response.I am looking for code of adding Users email address to event so that the notification can be sent to email address of users in Affected user related list.Table : ...
Hi, my organization recently switched on MITRE ATT&CK framework for Security Incident response (SIR). We have an integration with a SIEM (Devo) which generates SIR tickets in ServiceNow; the ticket in SNOW contains MITRE TTP data in a Description fie...
Hello All, We have a requirement where in notifications should go to all the affected users in the related list not just one in the Affected user field on the form.Whats happening right now is the notification is only being sent to the person in affe...
Hi All, We have recently gone live with the VR module and currently ingest data from Qualys and MS Defender. From Qualys I can see in the third party library table we can see vendor and product information as well as a category field. I was wonderin...
We're going through a security audit and this question was posed to us...."Does ServiceNow encrypt all our data at rest?" Is this something done by ServiceNow or do we need to arrange for this?
how to stop creating discovered items for unwanted classes so that it does not create vulnerable items related to that? or how to stop vulnerable items getting created for particular classes of discovered items?for example:some xyz configuration item...
Hello, We are working on an SecOps Vulnerability Response opportunity where customers is looking for to import vulnerability entries from following sources: What is the best way to do it? Thx, Marco
