Resolved! Discovered Items not matching existing CI
We are using Qualys to import our vulnerabilities. When a discovered item doesn't match an existing CI, how do you resolve that?
Forum Posts
Resolved! wait for condition in flow designer
Hi experts, I am using flow designer , in which I need to wait until all the existing response tasks are completed and then move further. I am using wait for condition action in flow designer ad have written a script for it. But when I check flow exe...
Qualys scan from Servicenow -
Hello, While initiating scans from Servicenow to Qualys, I get the below error. I am using the "rescan vulnerable items" UI action from the VUL record. Error: Unsuccessful response from server. Status code: 400 I have already default_scan_applian...
Resolved! OnSubmit Abort Action for Record Producer on Portal for Cross Scoping
Hi All, I have found an issue on portal, we have a record producer created in Global scope which is available on portal. Now we are using Security Operations. So this record producer is available to Create Security Incidents. On record producer We ha...
Resolved! Security Incident Phishing Email PHIS0010001
I have configured email ingestion and I can see it created some record called Security Incident Phishing Email PHIS0010001 I wanted to create direct Security Incident. Is there anything changed recently which caused this record creation? Also system ...
Resolved! I am trying to setup SLAs for Security Incidents based on Severity but i am getting multiple SLAs applied
I have created two SLAs setup for Low and Medium Severity. I have an inbound email action to manually set the Severity to 3-Low if the Subject has Low and an email action to set the Medium email subject Severity to 2-Medium. The Security incident tha...
Resolved! Please share your valuable experience on security incidents , or SecOps, scenario based interview questions will be much appreciated.
I am experimenting with different modules of SecOps ,any advice,scenarios based, issues faced or interview questions would be really helpful! Thanks a ton!!
Resolved! Security Incident Response - Task view for non security groups
hi all, We have some security incident tasks assigned to some other teams who might need read-only access to the incident ticket and also the assigned task. I tried assigning sn_si.external and sn_si.special_access but ithe users are still unable to ...
Resolved! Servicenow Qualys Integration - Asset Tag
Hi There, As per the docs, Servicenow Qualys Host detection Integration retrieves host tags(Asset tag) from Qualys. We had ran the Qualys job once and I could see the field named 'Qualys host ID' gets updated in our CMDB table with the relevant data ...
Jobs are stuck in ECC Queue in ready state
Hi All, As part of Splunk ES to SIR integration, some of the alerts are not getting converted into a security incident. When found in the ECC queue, we are seeing most of the jobs are stuck in ready state. Could someone help with if any schedule is g...
Resolved! Mark service accounts as internal integration users
reference the SN documentation with regards to creating service accounts here, my understanding is that this checkbox should be checked so to prevent someone from logging into SN as a normal user would. I would like to know that if SSO is enabled, t...
Resolved! VRM Application Behavior - False Positive Closure | Reopen of VIT | Best Practice on SLA
Version: Orlando VIT or VUL is tagged as Closed Manually and reason for closure is a false positive. What will happen in the next Vulnerability Import? Will the system re-open the manually closed item or it doesn't do anything?VIT is remediated and...
Pen Testing on ServiceNow Instance
Hi, We are trying to find out more on Penetration testing on our ServiceNow Instance and have the following questions - Do we have to use third party tools to do Penetration testing? if so are there are recommendations from anyone who has used those?...
Resolved! What to do with vulnerabilities on a CI that has gone to retired?
Scenario A : An active CI has five vulnerabilities.The active CI state changes to Retired. What is best practice / industry standard for VI's related to CI's? Do we close the VI's? Scenario B : An active CI has five vulnerabilities. The CI has not ...
How is the Risk score calculated for Vulnerability Solution
Hi, I am working on Vulnerability Response module where facing one issue. I want to know how to calculate Risk score for Vulnerability solution. I have gone through below docs link where they have given below formula but its not working. https://docs...
