Hi, When security incident is created through ITSM incident through a UI action "Create Security Incident", I want to copy some more fields from ITSM incident to the Security incident. For this, can I directly add the code to the out of box script i...
Hi guys, Not sure if I've chosen the correct topic so apologies if not. The IT security team at my company have asked what Service Now has in place to prevent SQL Injection attacks. I've had a look on Google and could not find anything specific. Do a...
i'm having an issue with importing data from Qualys into ServiceNow. Multiple assets are not showing up in the Security Operations CMDB, nor as Vulnerable Items. I have given my ServiceNow API user access to read the "All" asset group, and most asset...
Hi All, We are in need of integrating the DLP DB with ServiceNow to perform the DLP operation in ServiceNow Itself. Ticket handling also will have to do it in the ServiceNow. According to my plan. I have to create new application for DLP through st...
Hi ServiceNow Folks, Greetings. I am new to SecOps world and would like to start my Journey in SecOps. My first assignment is to implement SecOps Security incident response in my organisation i am basically from ITOM world with not so much strong b...
Morning! I know that this is probably more of a Splunk side configuration issue, so I have posted to their forum as well, but i wanted to see if anyone has any experience with this setup. I am getting an error when trying to set up the Splunk add o...
Hi All, I have a requirement on Security Incident Response as below. When a ticket is created in Secure Works then a Security Incident Response ticket in ServiceNow. Can anyone please help me with the Integration process. - Sai.
The tenable scan is running and bringing in new CI, when the CI come in the IP address is automatically setting itself to the name where we want the domain name to set itself to the name. How do i switch this?
Hello. I've integrated SN and Rapid 7 successfully, but I'm trying find out how perform repadiation process properly. When I'm closing Vulnerable Item or Vulnerable group I have two option for closure: Wait for confirmation from next scan Close vulne...
Hi, The ACL for delete operation on Discovered Item is set to nobody. What is the reason behind it? If connected Unmatched CI and Vulnerable Item will be removed and Discovered Item will be left, will it cause problems in the system? Question ...
Dear community, From the doc I can read that "A summary email, per remediation target rule, is sent when one or more vulnerable items are either approaching its remediation target date or the remediation target date has passed." What does it mean ex...
We are looking at the Security Operations module for possible deployment within our environment. We use Tenable for vulnerability scanning. WITHOUT using the Tenable.io® for Vulnerability Response plugin available in the store, can you manually imp...
I'm looking for a method of reporting on number of SIRs impacting CIs and Affected Users in a particular business division for leadership. (i.e. HR, IT, Manufacturing, etc.) I cannot use CI and Affected User attributes because often these do not li...
I just want to update choices for "alert_sensor" field. If I see the backend name of field; I could find that it is out of the box field. But I could see that it's a text field when I check in the security incident form. But when I try to configure ...
Hello all, I have created (or modified) an inbound action that creates an SIR, then adds subject to short description and so on. Everything works as expected and my regular expressions match what I am attempting to parse, however how do I get my i...
