SecOps forum

Forum Posts

Resolved! Tanium-ServiceNow Integration

Hi, I am trying to explore the Security Operations Tanium Integration plugin. Can I please get information on what all field-related data can be gathered with Tanium? Example: IP address, serial number, MAC address etc. What would be a preferred s...

Resolved! "Specify Download" property in Instance Security Dashboard

Hey Folks, I have an unusual situation where we are trying to restrict downloading of file types in the ServiceNow instance by means of the "Instance security dashboard". So I have specified the file types under system property 'glide.ui.strict_customer_uploade...

Resolved! NIST NVD entries into ServiceNow

Hi All, I would like to know about certain points for importing CVEs into ServiceNow through the NIST NVD database: 1) NVD data feeds table 'sn_vul_nvd_repo' shows Recent and Modified, what is the significance and difference between the entries stored ...

Dipin by Kilo Contributor
  • 1390 Views
  • 1 replies
  • 2 helpfuls

Resolved! How is Rollup Calculator applied to a Vulnerability Group

Hi, I need to understand how the process behind rollup calculators works. I do know it uses a weighted average of scores but what I need to know is how do you apply a calculator to a vuln group or groups. Unlike vulnerability calculators where th...

Jazz1 by Kilo Contributor
  • 2611 Views
  • 6 replies
  • 5 helpfuls

Resolved! Sightings Search Configuration

Hello, In Sightings Search Configuration it is possible to create multiple searches per Observable Type. Is it possible to then allow analysts to choose the search they want to use when running a Sightings Search in an SIR? For example, I'd like to ha...

Audrey12 by Kilo Contributor
  • 1278 Views
  • 2 replies
  • 3 helpfuls

Resolved! Best Practice for Insider Threat Investigations

Does anyone have a best practice or workflow suggestion on using the SecOps module for Insider Threat investigations? One requirement is making sure that the scope of knowledge is limited to just one group in the SOC. Therefore, VM and IR teams are...

qcj3 by Kilo Guru
  • 1974 Views
  • 6 replies
  • 11 helpfuls

Resolved! Restricted Caller Access Privilege should be on Update set?

Hello everyone, I'm developing the Security Incident Response module for a client. It's my first experience managing scopes. I have created an update set on Security Incident scope but when I make some changes I see the following records created on the up...

Resolved! Qualys Integration Runs - Duplicate Items

Qualys integration runs show there are some duplicate values. Does this just show the message that there are duplicates or has it created duplicate records in the system? Please help me to understand this. Module in App navigator: Qualys Vulnerability I...

Khanna Ji by Tera Guru
  • 1526 Views
  • 4 replies
  • 5 helpfuls

Resolved! Assignment of Security Incidents to Non Sec Ops staff

Hi, A member of the security team has asked me if there is a way to assign a security incident to an individual, so that only they can see it. From my research, I can see that I would need to set up new groups so they are available for the Sec Ops te...

Collette1 by Giga Contributor
  • 1518 Views
  • 4 replies
  • 1 helpfuls