Hi @faadi
The "Re-open" feature is not explicitly listed on the ServiceNow Security Incident Response (SIR)
ServiceNow Security Incident Response process has the following recommended state model options, which follow generally accepted Security Frameworks from NIST and SANS:
NIST | SANS | Description |
Draft | Draft | The request initiator adds information about the security incident, but it is not yet ready to be worked on. |
Analysis | Analysis | The incident has been assigned and the issue is being analyzed. |
Contain | Contain | The issue has been identified, and the security staff is working to contain it and perform damage control actions (taking servers offline, disconnecting from the Internet, and verifying that backups exist. |
Eradicate | Eradicate | The issue has been contained and the security staff is taking steps to fix the issue. |
Recover | Recover | The issue is resolved, and the operational readiness of the affected systems is being verified. |
Review | Review | The security incident is complete, and all systems are back to normal function, however, a post incident review is still needed. |
Closed | Closed | The incident is complete but before a security incident can be closed, you must fill out the information on the Closure Information tab. |
Cancelled | Cancelled | The incident was cancelled. |
…………………………………………........................................................................................
Mark it helpful 👍and Accept Solution ✅!! If this helps you to understand.
…………………………………………........................................................................................
