Hi All, I have a requirement on Security Incident Response as below. When a ticket is created in Secure Works then a Security Incident Response ticket in ServiceNow. Can anyone please help me with the Integration process. - Sai.
The tenable scan is running and bringing in new CI, when the CI come in the IP address is automatically setting itself to the name where we want the domain name to set itself to the name. How do i switch this?
Hello. I've integrated SN and Rapid 7 successfully, but I'm trying find out how perform repadiation process properly. When I'm closing Vulnerable Item or Vulnerable group I have two option for closure: Wait for confirmation from next scan Close vulne...
Hi, The ACL for delete operation on Discovered Item is set to nobody. What is the reason behind it? If connected Unmatched CI and Vulnerable Item will be removed and Discovered Item will be left, will it cause problems in the system? Question ...
Dear community, From the doc I can read that "A summary email, per remediation target rule, is sent when one or more vulnerable items are either approaching its remediation target date or the remediation target date has passed." What does it mean ex...
We are looking at the Security Operations module for possible deployment within our environment. We use Tenable for vulnerability scanning. WITHOUT using the Tenable.io® for Vulnerability Response plugin available in the store, can you manually imp...
I'm looking for a method of reporting on number of SIRs impacting CIs and Affected Users in a particular business division for leadership. (i.e. HR, IT, Manufacturing, etc.) I cannot use CI and Affected User attributes because often these do not li...
I just want to update choices for "alert_sensor" field. If I see the backend name of field; I could find that it is out of the box field. But I could see that it's a text field when I check in the security incident form. But when I try to configure ...
Hello all, I have created (or modified) an inbound action that creates an SIR, then adds subject to short description and so on. Everything works as expected and my regular expressions match what I am attempting to parse, however how do I get my i...
Hello All, I was looking to test the setup of a taxii profile in my developer instance. I followed the documentation on the SN website and what I found on the related website but I receive a 406 error when trying to connect. I checked with someone wh...
According to the information provided by glennpinto's answer in this link, if there are field level ACL's defined on a table then a role having only a tableName.none ACL will not have visibility to those fields. The role would need its own ACL's on ...
when i search for splunk integration plugin in servicenow develper instance,it is not present there. I want to test splunk servicenow integration for incident creation. I have developer instance from service now,any one please help how can i install ...
Hello, In the Vulnerability Response Module, we recently added Assignment Rules. Is there a way to apply these assignment rules to vulnerability groups that were created before the rules were setup? I already wrote a script to assign vulnerable ite...
hi all, we have the email inbound action part of the security incident response application and it has this out of box condition which I am not sure of is it expecting recipients to have 'sn_si' in the email address? if that is the case, do we provis...
What role is needed to be able to delete Remediation Target Rules? I have sn_vul.admin role but I don't get the option to delete them. Is there another role specific to these rules?
