On-Premise instance
Whether ServiceNow have an On-promise instance? If yes, what is the actual use of those instances in infrastructure security to perform Password2? @Tony Chatfield1
Forum Posts
Splunk integration plugin to create Security Incidents vs. just using Event Management
Hi, team, a large customer is challenging me on the technical and business benefits of the Splunk plugin vs. just using event management to create security incidents. Anyone have any concrete evidence that the plugin is "better?"
Resolved! Tenable.io plugin import and severity field in VR
I have a fully working vulnerability response integration with tenable.io. We have a requirement to switch from CVSS 2.0 to CVSS 3.0 for severity calculation. We had changed the settings in Tenable.io from using CVSS 2.0 to CVSS 3.0 for severity and ...
Resolved! How to close VITs that are associated with closed/deleted CIs in Tenable
Hi,If a CI is deleted in Tenable those associated VITs should be closed in ServiceNow. How to achieve this requirement?
How to install Major Security Incident plugin on PDI
Hi All, I am not able to install Major Security Incident Plugin on my PDI because one of dependent plugin (sn_sp_spoke) needs to be purchased from ServiceNow Store If any one knows how to fix this issue then please help me.
How do I ensure that Outdated Libraries are not used?
How do I ensure that Outdated Libraries are not used? For TinyMC the library TinyMCE version 4.4.3 was being used and has known security issues. The newest version is 5.2.2 (30.04.2020). For Jquery the library jQuery version 2.2.3-snc was being used ...
Resolved! Updating Splunk Notable Event from Servicenow
Hi Champs, I am trying to make a connection to splunk to update the notable event, but getting 400 error. Kindly suggest. Error screenshot below:
Vulnerability Detections Process
Hi, I would like to know the vulnerability detection process. When we integrate with third party applications like Qualys. We will receive data in detection table and from there VIT's will be created. So I would like to know1) how the detections are ...
How do I authenticate to a TAXII Discovery Service endpoint?
I've built a TAXII profile but the discovery server requires a username and password of guest/guest. I'm not sure how to build the REST message to send that. When I test connecting to the TAXII server manually with the username and password using Cab...
Required API Permissions/Roles on a Microsoft Azure application
In the DLP documentationhttps://docs.servicenow.com/bundle/utah-security-management/page/product/dlp-microsoft/reference/getting-started-microsoft-integration.html Under the heading 'Required API Permissions/Roles on a Microsoft Azure application' it...
False positive vulnerable items reopened
Hi, I have questions regarding the false positive vulnerabilities. Please see below1) Does false positive vulnerabilities reopened from source scanners (Qualys, Rapid7)? 2) Once vulnerabilities are marked as false positive what are the options to reo...
Closed VITs in deferral state when re-opened do not defer
From what I understand: Vulnerabilities which are deferred using an exception rule, if they close and then open whilst deferred no longer retain the deferred status and move to open. I believe from reading the forums this is as designed and there is ...
Resolved! Is there an architecture diagram for Security Operations that shows all applications for Security Incident Response, VR, Threat Management, Configuration Compliance and Trusted Security Circles?
Checking to see if there is an architecture diagram for Security Operations that shows all applications for Security Incident Response, VR, Threat Management, Configuration Compliance and Trusted Security Circles.
Security Incident Closure Codes
Hello,We recently moved to use the Security Incident response module, and wanted to know if there is a way to edit the list of closure codes, specifically remove or hide some from the list. I have included a screenshot of the list of closure codes th...
Resolved! Security Incident Response Workspace Details tab informaion
I am trying to change the fields that are display in the details tab of a Security Incident (SIR record). The current fields in the details tab display values for: Priority Risk score State in that order. I am being asked by the Security Agents to c...
