Hello, In the Vulnerability Response Module, we recently added Assignment Rules. Is there a way to apply these assignment rules to vulnerability groups that were created before the rules were setup? I already wrote a script to assign vulnerable ite...
hi all, we have the email inbound action part of the security incident response application and it has this out of box condition which I am not sure of is it expecting recipients to have 'sn_si' in the email address? if that is the case, do we provis...
What role is needed to be able to delete Remediation Target Rules? I have sn_vul.admin role but I don't get the option to delete them. Is there another role specific to these rules?
Update: The video and slides are now available on this page. Hello all, I am pleased to now announce that the follow-up to the February 26 tutorial, will be published on March 27 at 10am PT. This second tutorial will pick up the step-by-step guide ...
Hello all, I have a requirement to bring in all ServiceNow Security Incident Records and any available fields that could be selected into Microsoft Power BI. This is really no different that Excel Power Query but I'm running into issues and gettin...
Hello Folks, My very first post on the platform, a fairly new person to ServiceNow; especially when it is about something that is not out-the-box. I have a request where the customer wants to have the following done when a vulnerable item is identi...
Hello everyone! I'm implementing Vulnerability Response for a client and I did the upgrade to Madrid yesterday. I'm trying to update my VIs through SAM NVD. I did import all the feeds on the NVD libraries. Nothing is created.... all the business rule...
I'm trying to figure out if I should allow xlsm files (Excel Macro Enabled Workbook) into our instance. I want to say "no" just because those files can use VB and I don't know what code people write. Does anyone know if there are security concerns w...
Hi all, Can someone please explain to me how the 'Age' field is calculated on a vulnerable item. It appears to be in 'days' before change to milliseconds. I'd like to know what is the trigger point for when it changes.
Hi All,I need to connet QRadar SIEM to ServiceNow using the Mid-Server.Which ports I need to open between QRadar and Mid-Server ?RegardsVincenzo
Hello, The user profile we created in service-now authenticates if I enter credentials by hitting the EDL URL from my browser. When I test the same URL from the Palo Alto Firewall(Panorama/v8.1.16) itself, I get a URL access error. I followed the in...
Hello all, So I know event management is the preferred means of dealing with INC in ServiceNow and that when one is using the default ServiceNow incident creation abilities, one can use the Duplication Rules. In our situation, we have so many thin...
Hi All, I'm being asked to step in and assist in create/perform some SecOps ServiceNow ITIL user level training in a few weeks. Looking for examples of Sec Analyst/Manager level ServiceNow training anyone has given or just some pointers on key area...
What is the use of playbook? Can anyone help with some link or PDF regarding playbook functionality.
In our Security Incident module, priority is calculated when the record is first created. It is calculated again if the "Calculate Severity" UI Action is selected (if updates were made that would cause it to change). Any ideas on how I could make th...
