Get a first look at what's coming. The Developer Passport Australia Release Preview kicks off March 12. Dive in! 

Security Incident "Severity" and "Priority" calculation method

Go to solution
Saravanan Kris1
Mega Contributor

‎01-22-2020 02:49 AM

Dear All,

When we push the offense from QRadar to ServiceNow "Severity" and "Priority" fields are auto-populated. I would like to know how is it done within QRadar including logic for systemic process & manual and then followed by what happens on ServiceNow side. 

Can anyone help me on this.

Regards

Saravanan K

Labels:
0 Helpfuls
  • 3,066 Views
1 ACCEPTED SOLUTION

Go to solution
amaradiswamy
Mega Sage

‎01-23-2020 05:25 AM

Hi Sarvanan,

We can define the field mappings when we are configuring QRadar custom application in servicenow.

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/task...

For the security incidents, severity will be calculated if we define any matching severity calculators.

https://docs.servicenow.com/bundle/geneva-security-management/page/product/planning_and_policy/conce...

View solution in original post

1 REPLY 1

Go to solution
amaradiswamy
Mega Sage

‎01-23-2020 05:25 AM

Hi Sarvanan,

We can define the field mappings when we are configuring QRadar custom application in servicenow.

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/task...

For the security incidents, severity will be calculated if we define any matching severity calculators.

https://docs.servicenow.com/bundle/geneva-security-management/page/product/planning_and_policy/conce...