MTTR on closed vulnerable items CISA and known ransomware
Anyone has a recipe to calculate MTTR (Mean time to remediation) for vulnerable items that are tagged CISA or Ransomware?
Forum Posts
Is "Secure Attachment" in Security incident Response safe to upload malicious files?
Hi all, I want to know how the "Secure Attachments" are managed on ServiceNow. Say we have a phishing email that got escalated to a security incident or the analyst wants to submit a malicious file to sandbox, is it safe to upload it in "Secure Attac...
Detection Aggregation for Source-Agnostic VITs
Has anyone ever come up with a way to rollup up detections to a single VIT, regardless of scanning source? I've had SecOps people ask me, if the CVE and CI are the same, why can't I add the new detections to an existing VIT, regardless of who found i...
Tenable - How can I map info from Tenable.io to a newly created field on the Vulnerability Item
The Tenable.io integration is creating and updating Vulnerability Items no problem However we created new String field on the Vulnerability Item form and we want to map some data from the Tenable.io Vulnerability item Data source so when the VITs get...
How to increase space between banner and search bar in Service Portal?
Hi,Could anyone please help me understand how to increase the spacing between the banner and the search bar (as highlighted in the image)? We’d like to move the search option slightly lower on the page.
How to Prevent Risk Score Audit Entries in Activity Stream
Hi Community,I'm working on a requirement where I need to suppress audit entries related to Risk Score from appearing in the Activity Stream whenever the Priority field is updated on a record.Has anyone implemented a similar solution or can suggest t...
Penetration Test vulnerability in serviceNow
We had penetration test in servicenow for potential vulnerability and found to fix below two. LUCKY13 — Remediation requires disabling the vulnerable ciphers, as noted in the information above.• Instead of CBE Cipher Suites, use AEAD Cipher Suites su...
Installing Vulnerability Response Application on Personal Developer Instance (PDI)
Hello All,I requested a Xanadu version of a Service Now instance and everything is working with the base install. When I am trying to install install the Vulnerability Response application 26.2.2 version, after installing a bunch stuff, it seems to b...
Vulnerability Response - Assignment rules
Hello, We have only 1 Assignment rule in place that runs and groups VITs by Assignment group & Vulnerability.But we see that there are Remediation tasks are created from that Rule & has VITs that are assigned to multiple different groups. What could ...
Shodan integration no longer working
Hi, We have noticed that the Shodan integration no longer works.It would seem that the API has changed; both in address & format This has been passed on to both Shodan & ServiceNow.However, our clients are still faced with an issue. Anyone else facin...
CrowdStrike Falcon Exposure Management – Incorrect 'Last Found' Date on Detections
Hi everyone,I've recently configured the CrowdStrike Falcon Exposure Management for Vulnerability Response app (x_crowd_vulnerabil) in my ServiceNow instance. The integration is successfully ingesting detection payloads, but I've run into an issue wi...
Platform Analytics Dashboard
Hello All, I would like to have the ability to filter out the data by type of system (Windows Server, Computer, etc.). When you explore a CI, it is in a field called "class". What I like to to do is provide a filter that has all the possible values f...
Resolved! 'Public Exploit' field in Vulnerability
Does any know how the value for 'Public Exploit' field is populated in the Vulnerability database?On our instance the value is set to 'unknown' for all the vulnerabilities.I am not able to find any information about the field in ServiceNow documentat...
Vulnerable item created in closed state due to CI being decommissioned. How is TTR calculated
Hello, I wanted to know that if the CI is retired in ServiceNow CMDB, and there is a Vulnerable item created for it in closed state, how would the Remediation target rules run for those VITs? If the VIT matches the condition for any of the rule, woul...
How to move image above Support Resources in ESC portal?
HiI want to move an image above the Support Resources section in the ESC portal. I tried doing this using Page Designer but its not working as expected.Could someone please guide me on how to achieve this?
