Hi, We have some discovered items which are unmatched but we noticed that they could be matched if we either update CI Lookup Rules or the unmatched CI itself. We know that we can reclassify a discovered item to some specific CI class which is good ...
Our Vulnerable Response Tables can get quite large. We're looking for a way to improve system performance on these tables by keeping them trimmed down to only current or recent historical information. I would like to create some archiving rules aro...
Dear All, Kindly note I've followed the below guide to give access to the group mangers to add/delete their own group members, but with no luck https://community.servicenow.com/community?id=community_question&sys_id=ed71cb29db98dbc01dcaf3231f961999 I...
HI, I am running Sighting search for IP Address in Splunk,i am using OOB "Sightings Search Configurations" and i have created same config in splunk as well but i am getting Sighting Search count as 0 in SNOW while in Splunk we are getting results for...
Hi SecOps experts, I was just thinking if I set VIT/VUL to Closed/Deferred and if that vulnerability state changes to fixed in Qualys, does that change the state in ServiceNow to closed or fixed or will it be ignored? Wondering how state changes are ...
"sys_user_has_role has entries that shouldn't exist" Years ago In our early stages of go-live, we had configured the itil role to be inherited when a user was granted the it_project_manager role. Recently, we removed the inherited role (itil) from it...
How to activate the plugins of SecOps on personal dev instance
When running a scan getting the below error message. How to get away from this? Error: No scan options profile defined. Provide a scan options profile in the Qualys configuration Steps to replicate 1) Go to Vulnerability - Vulnerability Scanning - ...
Hello, we have a problem with the inbound emails. Emails send with marked 'confidential' (from a Microsoft Server/outlook) open a case/ticket in ServiceNow, but the content is not decrypted. The system receives the messages encrypted and cannot read ...
Hi All, I have gone through the state changes between vulnerable item and group but have some questions unanswered. https://docs.servicenow.com/bundle/london-security-management/page/product/vulnerability-response/concept/vulnerabillity-states.html#V...
I recently thought that I would try out the MITRE ATT&CK integration. After performing all updates, I now see the MITRE ATT&CK TAXII Profile, but do not see any TAXII Collections available. I'm asking for assistance in determining why these didn't g...
Hi Everyone I need to map 'Requested by' and 'Requested for' fields from the Input form and map it to fields in the Related list table. I used a small script, in the scripting section of the producer, 'Requested by' from the form should map it to rep...
Does anyone have any documentation on how to configure the Splunk "ServiceNow Event Integration" to include MITRE-ATT&CK TTPs to use in the new Threat Intelligence MITRE ATT&CK framework? I found documentation on how to "Auto-extract technique rules ...
A few questions... We are planning to use SNOW SIR (Security Incident Response) as our new Case Management / Ticketing System and we also have SOAR tool, Splunk Phantom. 1. What would be the best approach to integrate the two? 2. Do you have an a...
Hi all, How we can do integration between QRadar with Servicenow. If anybody has been done please share the document as well. I got something from servicenow doc, but i am unable to understand properly. Please help.. Thanks for the advance. Regards,...
