SecOps forum

Forum Posts

Resolved! Export all admin activity (syslog) to external server

Our Infosec team has required that all admin activity that occurs in ServiceNow needs to be exported to an external syslog server. From initial review, it looked like the SecOps module included SIEM integrations. However, it appears that integration ...

Brad59 by Giga Guru
  • 1228 Views
  • 4 replies
  • 1 helpfuls

ServiceNow Syslog Probe

Good Afternoon All, Our Security team have asked us a question about the Syslog probe (quoted below), we have reviewed the ServiceNow docs but they don't seem to specifically relate to their exact need. (We have Vulnerability Response module but not S...

Resolved! Code for adding multiple user emails in the event queue

Hello All, We have an Event which triggers a notification on Security Incident response. I am looking for code for adding users' email addresses to the event so that the notification can be sent to the email addresses of users in the Affected user related list. Table : ...

Auto-populate the SNOW MITRE ATT&CK Card

Hi, my organization recently switched on MITRE ATT&CK framework for Security Incident response (SIR). We have an integration with a SIEM (Devo) which generates SIR tickets in ServiceNow; the ticket in SNOW contains MITRE TTP data in a Description fie...

Barry11 by Kilo Contributor
  • 738 Views
  • 1 replies
  • 0 helpfuls

Resolved! send notification to users in related list

Hello All, We have a requirement wherein notifications should go to all the affected users in the related list, not just the one in the Affected user field on the form. What's happening right now is the notification is only being sent to the person in affe...

Resolved! Does ServiceNow encrypt all our data at rest?

We're going through a security audit and this question was posed to us: "Does ServiceNow encrypt all our data at rest?" Is this something done by ServiceNow or do we need to arrange for this?

Gary Winslow by Mega Contributor
  • 11935 Views
  • 8 replies
  • 7 helpfuls

Vulnerabilities database import

Hello, We are working on a SecOps Vulnerability Response opportunity where the customer is looking to import vulnerability entries from the following sources: What is the best way to do it? Thx, Marco

Marco26 by Kilo Contributor
  • 1555 Views
  • 11 replies
  • 2 helpfuls

Still having issues with Remediation Tasks

Hi, I'm still having issues with Remediation Tasks and when they run. We bundle up Remediation Tasks based on vulnerability name and assignment group being populated. If we run our remediation task rule it tears everything down and rebuilds all the Rem...

Procedural use of VR Exception Rules

Hey everybody, We have just begun trying to use the recently added Exception Rules option within Vulnerability Response. Trying to formulate some of the procedural use cases in doing so, and I am wondering what others might have done to utilize this fe...

Does ServiceNow support CIDR range?

Hi All, Good Day!!! Can we add a range of IPs in one shot into the observable table? We have Palo Alto NGFW integration and we want to send the range of IPs to this EDL list for block/allow. Whenever I tried to add an IP with subnet in the observable ...

Venkatesh4 by Tera Expert
  • 583 Views
  • 1 replies
  • 0 helpfuls