Do we need an inbound email action, when there is already an email parsing for security operations? How is both different from each other and should both be used for processing inbound emails for security incidents or just email parsing.
Hi folks, I realise there is a similar question here around this topic but I don't think it fully answers my current problem and my SIRI book is not very clear on the matter... I am currently implementing Security Incident Response which has a couple...
Hi All, As per our Client requirement it is asked to increase Mid Server Security.We have gone through the Link carefully-->https://docs.servicenow.com/bundle/london-servicenow-platform/page/product/mid-server/concept/mid-server-security-encryption.h...
How can I enable Mobile App screen shot's for our development instance? My personal instance allows screen shots on my Android Samsung 8 using the Service Now mobile app, but our development instance does not. I am an administrator, etc. We need t...
I am currently using ServiceNow to create security incidents based on alerts from my SIEM. My issue is that while I am able to select the correct group for the incident assignment, it is currently auto-assigning the incident to random users in that g...
Hi, We are trying to fetch knowledge base data from Qualys into third party vulnerabilities table using out of box integration plugin provided by ServiceNow. After proper research and analysis we have come to a conclusion that previous import xmls a...
How do I remove the assignment group which was assigned automatically upon submit? I have set the assignment rule to "Manually" for the requests. Upon creating and submitting while leaving the assignment group blank, it will be automatically popula...
In order to meet security compliance, I recently disabled glide.ui.forgetme on our instance. It worked great on the normal login page but the service portal login page still has the "Remember me" checkbox option (and it is functional, i.e. adds a coo...
Hello! I've install Vulnerability response module on my dev instance and trying to understang how it works in Kingston version. The documentation says that Vulnerability Group role has additional sections: Group by and Assignment. But in fact I see o...
Hello Guys, Could anyone help me to understand from where the below message comes and how to translation it. "your submission token does not match your session token..." Thanks Gaurav Bhandari
Hi, Is there any way to track if a user is exporting data from an instance? The transaction logs give me lots of information but I'm struggling to pinpoint when the function of exporting to .csv, .xls or pdf is happening. Appreciate any help...
Once an individual attains the CSA cert, is the next required cert the CIS-ITSM? Must an individual attain the CIS-ITSM prior to qualifying to sit for the CIS-VR exam?
Hi, I'm just getting started with Security incident response, and I'm lost on how the risk score gets calculated out of the box. I'm trying to go through the RiskScoreUtil script include, but just wondering if someone else has already done this, and ...
Greetings,We are trying to activate the Crowdstrike plugin in our dev instance for a proof of concept cycle, however, we continue to receive error messages that we are inputting incorrect API key and AIP ID info - we pulled the API info from our Crow...
Hello.. I have been trying to understand where is the correlation_id field is used in the security operations application when managing an incoming security event.OOB, I think the SIEM (Splunk) sends a snsecevent message to SN. I get to see the c...
