HiWe're having a bit of trouble adding multiple affected users into SIR tickets using the Azure Sentinel Incident Ingestion Integration. We are able to ingest Sentinel Account entities (${Account: properties(displayName)}$) using a simple glide get q...
Hi all has anyone successfully mapped the MITRE Technique ID/Name from Azure Sentinel source data into the Security Incident? We have been informed from our analysts that the Technique is available for the Sentinel incidents but it does not appear ...
Hello, Has anyone implemented a workaround to have Sentinel close SIR incidents since the integration is not bi-directional in this regard? Thanks!
Hi Community, I'm currently working on setting up Qualys integration for Vulnerability Response following lab instructions.For some strange reason, integration job fails with error: "Cannot run REST-based integration without a Qualys API credential s...
Hi community. While submitting some of record producers, I am getting this error message: 'Invalid attempt. Encrypted data could not be saved.' Now this is due to some masked fields which we have added in producer as per request from client. I also t...
Hello experts,I am new to Vulnerability, and I would like to have process information.In our instance, we have identified examples, where the VCA was wtill in review, even when the associated remediation task(VUL) was closed and its VIT's were also c...
Noticed that when a close VIT record is reopened by VR system, it is re-evaluating the assignment rule and it may change/update the assignment group of the VIT record if there changes in the CI record support group details. Can someone point what or ...
Hi All,I am facing issues with adding work notes as default list view column in classic view. I do reset to default columns still i can't see work notes in list view. Please help me on this. Thank You.
Hello Community, My client has requested an email notification in the Security Incident Response application that includes a record of every update made to a specific SIR, with the details converted into JSON format and attached to the email. Now, I ...
I understand work notes are used track the changes around the VIT journey. But i am looking for purpose of additional comments. Thanks in advance.
Afternoon all.... I am deep diving into the Certified Implementation Specialist - Security Incident Response CIS-SIR exam. I'd be grateful for any pointers and advise in terms of what online resources to use. I have the Mainline Exam Blueprint, I hav...
Hi everyone,I’m planning to prepare for the CIS-Vulnerability Response certification, but I haven’t worked on this module so far. I’m a bit confused about what topics I should focus on and which areas from the ServiceNow documentation are most import...
Hello!I'm new to VR module.I know that for Vulnerable Items, you can set the remediation target using 'Remediation Target Rules'. However, the Remediation Target Rules utilize the 'last opened' field and a user defined number of days to set the reme...
I am integrating Tenable.io with VR.I will install the Tenable VR integration and configure the Tenable.io endpoint, client id and secret.What needs to be set up account wise on Tenable.io please, what access and how is it done?I can't see any docume...
