SecOps forum

Forum Posts

Resolved! Sightings Search Configuration

Hello, In Sightings Search Configuration it is possible to create multiple searches per Observable Type. Is it possible to then allow analysts to choose the search they want to use when running a Sightings Search in an SIR? For example, I'd like to ha...

Audrey12 by Kilo Contributor
  • 1322 Views
  • 2 replies
  • 3 helpfuls

Resolved! Best Practice for Insider Threat Investigations

Does anyone have a best practice or workflow suggestion on using the SecOps module for Insider Threat investigations?  One requirement is making sure that the scope of knowledge is limited to just one group in the SOC.  Therefore, VM and IR teams are...

qcj3 by Kilo Guru
  • 2016 Views
  • 6 replies
  • 11 helpfuls

Resolved! Restricted Caller Access Privilege should be on Update set?

Hello everyone, I'm developing the Security Incident Response module for a client. It's my first experience managing scopes. I have created an update set on Security Incident scope but when I make some changes I see the following records created on the up...

Resolved! Qualys Integration Runs - Duplicate Items

Qualys integration runs show there are some duplicate values. Does this just show the message that there are duplicates, or did it create duplicate records in the system? Please help me to understand this. Module in App navigator : Qualys Vulnerability I...

Khanna Ji by Tera Guru
  • 1581 Views
  • 4 replies
  • 5 helpfuls

Resolved! Assignment of Security Incidents to Non Sec Ops staff

Hi, A member of the security team has asked me if there is a way to assign a security incident to an individual, so that only they can see it. From my research, I can see that I would need to set up new groups so they are available for the Sec Ops te...

Collette1 by Giga Contributor
  • 1568 Views
  • 4 replies
  • 1 helpfuls

Resolved! Third Party Vulnerability Entry (QID)

I have integrated Qualys with ServiceNow and it started creating items and groups with Qualys IDs (QIDs). The issue with these QIDs is that the Threat and Solution fields are coming in blank. There must be some information about this third party vulnerabi...

Khanna Ji by Tera Guru
  • 3298 Views
  • 23 replies
  • 1 helpfuls

Resolved! ServiceNow Qualys Integration - Asset Tags

Does the ServiceNow Qualys Integration bring asset tags into ServiceNow? I don't think so; we need Qualys CMDB Sync for bringing the asset tags into ServiceNow. Please help me if my understanding is correct.

Khanna Ji by Tera Guru
  • 2103 Views
  • 3 replies
  • 1 helpfuls

Splunk Integration Architecture Diagram

Is there a standard architecture document for Splunk to ServiceNow integration? We know that there is a MID Server required along with the plugin, but is there anything else needed? Customer is asking for an architecture diagram but I have not been a...

jzayicek by Kilo Contributor
  • 1793 Views
  • 3 replies
  • 0 helpfuls

Business Impact and Priority on Vulnerable Items

Can anybody help me to understand how Business Impact and Priority values are set on Vulnerable items? I do not find any calculator or matrix for this. I can see a matrix only for the risk calculator of Vulnerable items.

Khanna Ji by Tera Guru
  • 2285 Views
  • 4 replies
  • 1 helpfuls

Resolved! Host Detection CIs created by Qualys

Are Host Detection CIs created by Qualys for the vulnerability response module integration available for selection in the other ITSM modules as well, or only for the vulnerability application?

Khanna Ji by Tera Guru
  • 1106 Views
  • 5 replies
  • 2 helpfuls

Resolved! CVE and CWE

Can anybody explain to me the difference between CVE (Common Vulnerability and Exposures) & CWE (Common Weakness Enumeration)? Also, please give one example of each, which will help me to understand them easily.

Khanna Ji by Tera Guru
  • 3512 Views
  • 5 replies
  • 3 helpfuls