Hi, I need to understand how the process behind rollup calculators works. I do know it uses a weighted average of scores but what I need to know is how do you apply a calculator to a vuln group or groups. Unlike vulnerability calculators where th...
Hi Secops Experts, I am planning to integrate ServiceNow vulnerability application with Qualys Vulnerabilities for pulling in data to ServiceNow. What is your suggestion for this integration on data consideration. 1) Should I pull all vulnerabilities...
What is the basic difference between edge level and column level encryption. What is the most specific to work with for data encryption.
Hello, In Sightings Search Configuration it is possible to create multiple searches per Observable Type. Is it possible to then allow analysts to chose the search they want to use when running a Sightings Search in an SIR? For example, I'd like to ha...
Does anyone have a best practice or workflow suggestion on using the SecOps module for Insider Threat investigations? One requirement is making sure that the scope of knowledge is limited to just one group in the SOC. Therefore, VM and IR teams are...
Hello everyone, I'm developing Security Incident Response module for a cliente. It's my first experience managing scopes. I have created an update set on Security Incident scope but when I do some changes I see the following records created on the up...
We are in the process of initiating the Qualys integration to ServiceNow as part of an internal VR project. What is the best practice approach to limit, or filter, income vulnerabilities based on Asset Class (CMDB Class) and then vulnerability severi...
Is there an existing method, property or widget that shows a user their last logged on time when they first log in?
Qualys integration runs show there are some duplicate values. Does this just show the message that there are duplicates or it created duplicate records in the system? Please help me to understand this. Module in App navigator : Qualys Vulnerability I...
Hi, A member of the security team has asked me if there is a way to assign a security incident to an individual, so that only they can see it. From my research, I can see that I would need to set up new groups so they are available for the Sec Ops te...
I have integrated Qualys with ServiceNow and it started created items and groups with Qualys Ids (QIDs). The issue with these QIDs is that Threat and Solution fields are coming as blank. There must be some information about this third party vulnerabi...
Does ServiceNow Qualys Integration brings asset tags into ServiceNow? I don't think so, we need Qualys CMDB Sync for bringing the asset tags into ServiceNow. Please help me if my understanding is correct.
Is there a standard architecture document for Splunk to ServiceNow integration. We know that there is a MID Server Required along with the plugin but is there anything else needed? Customer is asking for an architecture diagram but I have not been a...
At times we get multiple emails (that might not always be in the same format) for the same security issue (ex. a compromised account). We are not wanting to create Security Incidents for each email regarding the same issue, but only one. Please can a...
Can anybody help me to understand how Business Impact and Priority values are set on Vulnerable items? I do not find any calculator or matrix for this? I can see matrix only for risk calculator of Vulnerable items.
