Is there any OOB feature in ServiceNow SecOps SIR that prevents closing a security incident unless assessments are completed? Or do we need to customize this with a business rule/workflow?
How is everyone getting vulnerabilities into ServiceNow for resources that do not support a scanner being installed on them? We have scanners like tanium, tenable, microsoft tvm. Looking at using the AWS Connector to bring over security findings but ...
I found bunch of Vulnerable Items have empty detections. They are newly created VITs by Tenable I.O.Can anyone suggest what possible root cause could be? Also, where should I start to look into this issue? Thank you in advance.
Hi,is there a way to recalculate only the Risk Rating fields for the Remediation Task table(s)? We've followed the documentation on how to update Risk Score Weights (sn_sec_cmn_risk_score_weight).Additionally we've added a few new Risk Score Weights ...
I've developed a workflow that will automatically create a TISC Case when certain criteria is met with an ingested Threat Report. Is there a way to associate Artifacts (specifically Observables, Indicators, and the Threat Report itself) to the newly...
Hi Team,While analyzing the Out-of-the-Box (OOB) Security Incident form in ServiceNow, I noticed a section labeled Predictive Intelligence in the Form Builder. This section contains two read-only fields:Machine Learning PredictionConfidence ScoreIt a...
I'm currently working on Quality Assurance in my ServiceNow project and am looking for a solid test strategy template. If anyone has a good reference or example to share, I’d really appreciate it. Thanks in advance!
Hi everyone, Would someone be able to give me some assistance as to why a Risk Score and Risk Rating are updating to Risk Rating of none and Risk score of 0 when all vulnerable items are closed complete? Shouldn't this keep the ratings of the our rol...
Hi, Are the Microsoft Azure Sentinel and Security Incident Response integration application from the ServiceNow supported on on-premise/self hosted instances?Regards,Finn Reidar Aasen
Hi Everyone, We have not enabled any capability related to CI enrichment but still I can see these workflow's automatically enabled and show-up in the work notes.Please find the screenshot below:Why this is getting enabled when there is no capability...
Hi all, We have Qualys integration to create vulnerabilities against CI's and the integration also creates CI in the CMDB which are not present.We were considering switching this to IRE. Is it possible out of box without any customisations? Thanks,Ra...
Hello ServiceNow Community,Context – Security and Identity Threat DetectionI’m building a comprehensive Identity Threat Detection and Response (ITDR) process using ServiceNow’s core logs: sys_audit, sysevent, and syslog_transaction. The goal is to de...
In the Security Incident Response (SIR) workspace, the Priority section includes four fields:Priority, Business Impact, Urgency, and Impact.Is Priority automatically calculated based on Urgency and Impact?What is the difference between Impact and Bus...
We are trying to use remediation target rules as a replacement for SLA's as we cannot use SLA's for Vulnerable item (sn_vul_vulnerable_item) records. Unfortunately these rules do not have a pause condition out of box as of Kingston patch 6 and this h...
We want to check the shift handover process by using advanced work assignment, please provide me the process and also provide me the info if any other alternatives are there for this!!!Thanks and regards,Siva.
