SecOps forum
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Forum Posts

Email Parsing vs Inbound Email Actions

Do we need an inbound email action, when there is already an email parsing for security operations? How is both different from each other and should both be used for processing inbound emails for security incidents or just email parsing.

SecOps email inbox for incident creation

Hi folks, I realise there is a similar question here around this topic but I don't think it fully answers my current problem and my SIRI book is not very clear on the matter... I am currently implementing Security Incident Response which has a couple...

Brian Lawes by Tera Contributor
  • 2814 Views
  • 3 replies
  • 10 helpfuls

Mobile App Screen Shot Disabled?

How can I enable Mobile App screen shot's for our development instance? My personal instance allows screen shots on my Android Samsung 8 using the Service Now mobile app, but our development instance does not. I am an administrator, etc.    We need t...

victorwelch by Tera Contributor
  • 2620 Views
  • 2 replies
  • 0 helpfuls

Resolved! Security Incident Response manual assignment

How do I remove the assignment group which was assigned automatically upon submit? I have set the assignment rule to "Manually" for the requests. Upon creating and submitting while leaving the assignment group blank, it will be automatically popula...

find_real_file.png find_real_file.png
joel_tan1991 by Kilo Contributor
  • 2659 Views
  • 7 replies
  • 2 helpfuls

Resolved! How to disable "remember me" on service portal login page?

In order to meet security compliance, I recently disabled glide.ui.forgetme on our instance. It worked great on the normal login page but the service portal login page still has the "Remember me" checkbox option (and it is functional, i.e. adds a coo...

Ryan Bray1 by ServiceNow Employee
  • 3219 Views
  • 4 replies
  • 2 helpfuls

Vulnerability Group Rule fields

Hello! I've install Vulnerability response module on my dev instance and trying to understang how it works in Kingston version. The documentation says that Vulnerability Group role has additional sections: Group by and Assignment. But in fact I see o...

find_real_file.png
Alex248 by Mega Expert
  • 1677 Views
  • 5 replies
  • 1 helpfuls

Resolved! How can I track when data is exported from an instance?

Hi, Is there any way to track if a user is exporting data from an instance? The transaction logs give me lots of information but I'm struggling to pinpoint when the function of exporting to .csv, .xls or pdf is happening. Appreciate any help...

ners by Giga Contributor
  • 3003 Views
  • 2 replies
  • 2 helpfuls

Risk score configuration

Hi, I'm just getting started with Security incident response, and I'm lost on how the risk score gets calculated out of the box. I'm trying to go through the RiskScoreUtil script include, but just wondering if someone else has already done this, and ...

cbester by Tera Contributor
  • 2366 Views
  • 3 replies
  • 1 helpfuls

Resolved! Anyone successfully activated the Crowdstrike plugin?

Greetings,We are trying to activate the Crowdstrike plugin in our dev instance for a proof of concept cycle, however, we continue to receive error messages that we are inputting incorrect API key and AIP ID info - we pulled the API info from our Crow...

Where is the correlation_id value used?

Hello..   I have been trying to understand where is the correlation_id field is used in the security operations application when managing an incoming security event.OOB, I think the SIEM (Splunk) sends a snsecevent message to SN.   I get to see the c...