Security Incident "Severity" and "Priority" calculation method

Go to solution
Saravanan Kris1
Mega Contributor

‎01-22-2020 02:49 AM

Dear All,

When we push the offense from QRadar to ServiceNow "Severity" and "Priority" fields are auto-populated. I would like to know how is it done within QRadar including logic for systemic process & manual and then followed by what happens on ServiceNow side. 

Can anyone help me on this.

Regards

Saravanan K

Labels:
0 Helpfuls
  • 2,400 Views
1 ACCEPTED SOLUTION

Go to solution
amaradiswamy
Kilo Sage

‎01-23-2020 05:25 AM

Hi Sarvanan,

We can define the field mappings when we are configuring QRadar custom application in servicenow.

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/task...

For the security incidents, severity will be calculated if we define any matching severity calculators.

https://docs.servicenow.com/bundle/geneva-security-management/page/product/planning_and_policy/conce...

View solution in original post

1 REPLY 1

Go to solution
amaradiswamy
Kilo Sage

‎01-23-2020 05:25 AM

Hi Sarvanan,

We can define the field mappings when we are configuring QRadar custom application in servicenow.

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/task...

For the security incidents, severity will be calculated if we define any matching severity calculators.

https://docs.servicenow.com/bundle/geneva-security-management/page/product/planning_and_policy/conce...