I created a few SLAs for Security Incident Response. The SLAs appear to start, as they activate the SLA workflow. However, the "Business time left", "Business elapsed time", and "Business elapsed percentage" always seem to be 0 on every SIR. Any i...
Dear Team, I am trying to create a security incident when phishing email arrives. I went through few docs, that says- Security incident was created automatically, when a record was created in 'Security Incident phishing email' table based on these fl...
I am trying to add some Security Incident Enrichment data to a Security Incident related list (coming from a third party integration REST call). In doing so, I found a set of Enrichment tables extending "Enrichment Data Base." In particular, I have ...
Hi all, I am unable to pull SC Queries from my Tenable.SC environment into my ServiceNow Tenable Connector. I have tried the following: Ensuring I have the Security Manager role in Tenable.SCEnsuring I have the proper roles in ServiceNow to config...
Hi All, We are enabled virusTotal (Security Operations VirusTotal Integration) plugin but not seeing proper data, Is there any additional API details required to configure virusTotal with servicenow. Kindly suggest. Thank you.
Hi All, Can any one help me on the difference between SIR Pro and SIR Standard?How is the unit of license work (UU)? Thanks in Advance!
Out-of-box there is a Vulnerability Response configuration to consolidate (or not) multiple detections of a vulnerability on the same device based on different ports. In other words, if the same CVE is detected on a device on multiple ports it can be...
I have a dev instance setup and I can connect to it from multiple different hosts in our network, except the one I am doing development on. $ openssl s_client -connect dev########.service-now.com:443 --stateCONNECTED(00000003)SSL_connect:before SSL ...
Thanks in advance to anybody that can clarify what I thought I knew versus what I am finding because a few dashboard widget reports are giving me grossly different results. This may sound like a total newbie situation, but .... I have three reports ...
Hi all,I'd like to be able to customize the "Source" and "Alert Sensor" drop-down lists for SIR tickets.Can you please either point me to documentation for that, or drop your first-hand knowledge in a reply?Thanks for your help!-aj
Hello, When using the Security Operations workspace, we have the hability to go through the stages of the incident: However, when trying to close the SI, I am getting an error:And it returns back to "Review" state. I think the problem is not having t...
Hi all, We are looking to use VCR rules to classify our vulnerabilities (platform vs application). We want to use the Common Platform Enumeration (CPE) in the VCR rule condition. The following is an example how I want to build out a VCR rule to class...
Running into an issue with ProofPoint PhishAlarm and Analyzer result enriching the SIR workflow and record. We are seeing in some situations with our config with the SIR flow design creating a PHIS with the SIR (best practice) is "too slow" and the P...
We have both application vulnerability response and Vulnerability response module being implementedat present we have two separate reports/dashboard to show AVIT and VIT statsmy question is is it possible to combine the data from AVIT and VIT tables ...
I seem to have found an issue that maybe someone can help me with. Prior to this release (16.1.1) if I had an unmatched discovered item which created a ci in either the custom tenable or Qualys tables, changing the CI lookup rule and then reapplying ...
