Hi All, As part of Splunk ES to SIR integration, some of the alerts are not getting converted into a security incident. When found in the ECC queue, we are seeing most of the jobs are stuck in ready state. Could someone help with if any schedule is g...
reference the SN documentation with regards to creating service accounts here, my understanding is that this checkbox should be checked so to prevent someone from logging into SN as a normal user would. I would like to know that if SSO is enabled, t...
Version: Orlando VIT or VUL is tagged as Closed Manually and reason for closure is a false positive. What will happen in the next Vulnerability Import? Will the system re-open the manually closed item or it doesn't do anything?VIT is remediated and...
Hi, We are trying to find out more on Penetration testing on our ServiceNow Instance and have the following questions - Do we have to use third party tools to do Penetration testing? if so are there are recommendations from anyone who has used those?...
Scenario A : An active CI has five vulnerabilities.The active CI state changes to Retired. What is best practice / industry standard for VI's related to CI's? Do we close the VI's? Scenario B : An active CI has five vulnerabilities. The CI has not ...
Hi, I am working on Vulnerability Response module where facing one issue. I want to know how to calculate Risk score for Vulnerability solution. I have gone through below docs link where they have given below formula but its not working. https://docs...
Hello We are using Qualys Integration in our VR module of Servicenow. By default, the Vulnerabilities get imported into NOW via the different Qualys Integration runs and corresponding VIT records are created. I have a custom requirement. Is there a ...
Encountered error running the integration. Error: Invalid response code 403 received from Qualys Qualys integration with VR (NewYork 9a) has been working ok, with a nightly run. All of sudden stopped working and saw that Qualys account was locked. ...
Does anyone have a recommendation and / or best practices on how to group, categorize or define Vulnerability groups recieved from Rapid7. I am trying to reduce the number of groups and auto assign vulnerability items as they are received in Service...
Hello Experts As part of automatic Incident creating in SNOW I am consuming the API https://XXXXXX.service-now.com/api/now/table/incident from windows .net The response i am receiving as below. {StatusCode: 401, ReasonPhrase: 'Unauthorized', Versio...
Hello, I have installed the Qualys Vulnerability Integration plugins. I am trying to set it up using the Setup assistant. I entered the Login credentials for Qualys, however when running the Knowledgebase and Host detetction scans I see the below er...
Hi All, I have noticed a significant difference in speed between the flow designer and and the workflow designer.The flow designer is much slower, specifically when it comes to creating response Tasks, it takes few minutes to generate a new task...
FEB 26 UPDATE: video and slides now available below. Hello all, it is my great pleasure to announce that on February 26 at 10 am PT, we will publish here a video intended to help you get started with ServiceNow Security solutions. We realize that m...
Hello, I'm currently working on developing some reports for any VI or VG that was subject to the "Close/Defer" button. In doing that, I noticed that depending how a VI or VG is marked as closed, it may or may not be reflected within the table known a...
I am utilizing an Alert Management Rule (copied the OOB 'create a security incident for critical alerts' and adjusted the Alert filter) to create Security Incidents. We use the Severity from the Security Incident to trigger our SLA definitions. How d...