I recently thought that I would try out the MITRE ATT&CK integration. After performing all updates, I now see the MITRE ATT&CK TAXII Profile, but do not see any TAXII Collections available. I'm asking for assistance in determining why these didn't g...
Hi Everyone I need to map 'Requested by' and 'Requested for' fields from the Input form and map it to fields in the Related list table. I used a small script, in the scripting section of the producer, 'Requested by' from the form should map it to rep...
Does anyone have any documentation on how to configure the Splunk "ServiceNow Event Integration" to include MITRE-ATT&CK TTPs to use in the new Threat Intelligence MITRE ATT&CK framework? I found documentation on how to "Auto-extract technique rules ...
A few questions... We are planning to use SNOW SIR (Security Incident Response) as our new Case Management / Ticketing System and we also have SOAR tool, Splunk Phantom. 1. What would be the best approach to integrate the two? 2. Do you have an a...
I configured an itil user as the owner of a group. However, after going to Manage My Groups and clicking on one of the groups and clicking "Edit" on the Group Members tab, the page to configure which users should be members is not displayed. Only get...
We are using Qualys to import our vulnerabilities. When a discovered item doesn't match an existing CI, how do you resolve that?
Hi experts, I am using flow designer , in which I need to wait until all the existing response tasks are completed and then move further. I am using wait for condition action in flow designer ad have written a script for it. But when I check flow exe...
Hello, While initiating scans from Servicenow to Qualys, I get the below error. I am using the "rescan vulnerable items" UI action from the VUL record. Error: Unsuccessful response from server. Status code: 400 I have already default_scan_applian...
I have configured email ingestion and I can see it created some record called Security Incident Phishing Email PHIS0010001 I wanted to create direct Security Incident. Is there anything changed recently which caused this record creation? Also system ...
I have created two SLAs setup for Low and Medium Severity. I have an inbound email action to manually set the Severity to 3-Low if the Subject has Low and an email action to set the Medium email subject Severity to 2-Medium. The Security incident tha...
I am experimenting with different modules of SecOps ,any advice,scenarios based, issues faced or interview questions would be really helpful! Thanks a ton!!
hi all, We have some security incident tasks assigned to some other teams who might need read-only access to the incident ticket and also the assigned task. I tried assigning sn_si.external and sn_si.special_access but ithe users are still unable to ...
Hi There, As per the docs, Servicenow Qualys Host detection Integration retrieves host tags(Asset tag) from Qualys. We had ran the Qualys job once and I could see the field named 'Qualys host ID' gets updated in our CMDB table with the relevant data ...
Hi All, As part of Splunk ES to SIR integration, some of the alerts are not getting converted into a security incident. When found in the ECC queue, we are seeing most of the jobs are stuck in ready state. Could someone help with if any schedule is g...
reference the SN documentation with regards to creating service accounts here, my understanding is that this checkbox should be checked so to prevent someone from logging into SN as a normal user would. I would like to know that if SSO is enabled, t...