Our Infosec team has required that all admin activity that occurs in ServiceNow needs to be exported to an external syslog server. From initial review, it looked like the SecOps module included SIEM integrations. However, it appears that integration ...
Hello team. Quick (and maybe dumb!) question: I'm trying different security incident calculators here to get fields set and to get a risk score. I've changed conditions, orders, etc and nothing seems to work. On my PDI, the one that always runs is th...
Hello All, We have an Event which triggers a notification on Security Incident response.I am looking for code of adding Users email address to event so that the notification can be sent to email address of users in Affected user related list.Table : ...
Hi All, We have recently gone live with the VR module and currently ingest data from Qualys and MS Defender. From Qualys I can see in the third party library table we can see vendor and product information as well as a category field. I was wonderin...
We're going through a security audit and this question was posed to us...."Does ServiceNow encrypt all our data at rest?" Is this something done by ServiceNow or do we need to arrange for this?
Hello, We are working on an SecOps Vulnerability Response opportunity where customers is looking for to import vulnerability entries from following sources: What is the best way to do it? Thx, Marco
Hi I'm still having issues with Remediation Task and when they run. We bundle up Remediation Tasks based on vulnerability name and assignment group being populated. If we run our remediation task rule it tears everything down and rebuilds all the Rem...
Hey everybody,We have just begun trying to use the recent added Exception Rules option within Vulnerability Response. Trying to formulate some of the procedural use cases in doing so, and I am wondering what others might have done to utilize this fe...
Hey all, How can we get a false positive VI/VG to automatically close without setting an expiration date in the request exception to avoid it opening to its previous state? According to the following VR state workflow diagram that is out of the box c...
Nexpose closes the vulnerable items when issue is fixed for assets/configuration items which is alive/operational in nexpose scanning but it is not happening for dead/non-operational assets, may i know why?I want to know is there any process to close...
We are attempting to calculate our customer usage for the last 90 days in the Security Operations module, Discovered items (sn_sec_cmn_src_ci table). The KB0861920 indicates that what is counted is; a server, a desktop, a laptop, a printer, a firewa...
Hey all, We been live with Vulnerability Response in our environment for 4 months now. Remediation Users like to fill in the work notes and then change the assignment group back to us (Vuln Admins) so that we get the message. This ends up skewing the...
Hi, Do Vulnerable Items get created and assigned a risk score based off of the risk score in the third party entries? Thanks,
Team, What's the best practice to handle the out of the box Security Incident Calculators Groups? The group can't be toggled inactive, but the calculators within can. What if a customer wants to customize them? Disable the calculators so they don't r...
Dear Team, We are integrating Tenable with ServiceNow and we are connecting Tenable with ServiceNow by entering API details through mid servers but Servicenow is not connecting with Tenable, here is the error log, Could you please help us on the same...
