Security Incident Response Re-open feature
06-26-2024 01:25 PM
This question has been asked before. I am not asking for a solution.
Just wondering if the Re-open feature is there on the Security Incident Response (SIR) roadmap for Security Incidents?
Trying to figure out if it's worth developing or will be available in the near future. Thanks.
Labels: Security Incident Response
07-31-2024 03:57 AM
Hi @faadi
The "Re-open" feature is not explicitly listed on the ServiceNow Security Incident Response (SIR)
ServiceNow Security Incident Response process has the following recommended state model options, which follow generally accepted Security Frameworks from NIST and SANS:
| NIST | SANS | Description |
| --- | --- | --- |
| Draft | Draft | The request initiator adds information about the security incident, but it is not yet ready to be worked on. |
| Analysis | Analysis | The incident has been assigned and the issue is being analyzed. |
| Contain | Contain | The issue has been identified, and the security staff is working to contain it and perform damage control actions (taking servers offline, disconnecting from the Internet, and verifying that backups exist). |
| Eradicate | Eradicate | The issue has been contained and the security staff is taking steps to fix the issue. |
| Recover | Recover | The issue is resolved, and the operational readiness of the affected systems is being verified. |
| Review | Review | The security incident is complete, and all systems are back to normal function; however, a post-incident review is still needed. |
| Closed | Closed | The incident is complete, but before a security incident can be closed, you must fill out the information on the Closure Information tab. |
| Cancelled | Cancelled | The incident was cancelled. |
Mark it helpful 👍 and Accept Solution ✅ if this helps you to understand.