Encountered error running the integration. Error: Invalid response code 403 received from Qualys Qualys integration with VR (NewYork 9a) has been working ok, with a nightly run. All of sudden stopped working and saw that Qualys account was locked. ...
Does anyone have a recommendation and / or best practices on how to group, categorize or define Vulnerability groups recieved from Rapid7. I am trying to reduce the number of groups and auto assign vulnerability items as they are received in Service...
Hello Experts As part of automatic Incident creating in SNOW I am consuming the API https://XXXXXX.service-now.com/api/now/table/incident from windows .net The response i am receiving as below. {StatusCode: 401, ReasonPhrase: 'Unauthorized', Versio...
Hello, I have installed the Qualys Vulnerability Integration plugins. I am trying to set it up using the Setup assistant. I entered the Login credentials for Qualys, however when running the Knowledgebase and Host detetction scans I see the below er...
Hi All, I have noticed a significant difference in speed between the flow designer and and the workflow designer.The flow designer is much slower, specifically when it comes to creating response Tasks, it takes few minutes to generate a new task...
FEB 26 UPDATE: video and slides now available below. Hello all, it is my great pleasure to announce that on February 26 at 10 am PT, we will publish here a video intended to help you get started with ServiceNow Security solutions. We realize that m...
Hello, I'm currently working on developing some reports for any VI or VG that was subject to the "Close/Defer" button. In doing that, I noticed that depending how a VI or VG is marked as closed, it may or may not be reflected within the table known a...
I am utilizing an Alert Management Rule (copied the OOB 'create a security incident for critical alerts' and adjusted the Alert filter) to create Security Incidents. We use the Severity from the Security Incident to trigger our SLA definitions. How d...
We are currently using Qualys in our Vuln Response space. When Qualys scans the network, it finds thousands of devices that are just an IP address with no properties. As a result, thousands of CI's are being created in the CMDB of Class Unmatched CI ...
Hey, I had recently created a ServiceNow account and am planning to access asset information using Rest API .When I run my curl command I get the following error .How do I resolve this ? ERROR: getaddrinfo ENOTFOUND "INSTANCEID_PLACEHOLDER".service...
I am in the middle of a Cloud Security audit and they are asking me what specific intrusion detection system(s) is used by ServiceNow to protect our data.
When using affected users you are selecting users who were impacted by the Incident. We have been operating under the assumption that an affected user is the same a compromised user. We have come across instances where the affected user was not com...
We are just getting involved in the Security Incident Response Module. Is there a best practice for setting up a user to create tags in this module. We have quite a large user base and I believe the concern is that it will get out of hand quickly....
We have 50+ workflow triggers and I want to know when a workflow trigger has fired. I see there is a "Response Workflow" in the Security Incidents. If I knew what table this was then maybe I could see what workflows (and, by extension, what triggers)...
Our CMDB is a bit of a mess (working on that as we speak) and I sometimes get VI's that are matched incorrectly to a CI. Is there a way for me to just reassign a VI to a DIFFERENT CI without going and changing matching rules and deleting the CI tabl...
