Security Incident Response Re-open feature

faadi
Tera Contributor

This question has been asked before. I am not asking for a solution.

Just wondering if the Re-open feature is there on the Security Incident Response (SIR) roadmap for Security Incidents?

Trying to figure out if it's worth developing or will be available in the near future. Thanks.

1 REPLY

Satishkumar B
Giga Sage

Hi @faadi 

The "Re-open" feature is not explicitly listed on the ServiceNow Security Incident Response (SIR)

ServiceNow Security Incident Response process has the following recommended state model options, which follow generally accepted Security Frameworks from NIST and SANS:

| NIST | SANS | Description |
|---|---|---|
| Draft | Draft | The request initiator adds information about the security incident, but it is not yet ready to be worked on. |
| Analysis | Analysis | The incident has been assigned and the issue is being analyzed. |
| Contain | Contain | The issue has been identified, and the security staff is working to contain it and perform damage control actions (taking servers offline, disconnecting from the Internet, and verifying that backups exist). |
| Eradicate | Eradicate | The issue has been contained and the security staff is taking steps to fix the issue. |
| Recover | Recover | The issue is resolved, and the operational readiness of the affected systems is being verified. |
| Review | Review | The security incident is complete, and all systems are back to normal function; however, a post-incident review is still needed. |
| Closed | Closed | The incident is complete, but before a security incident can be closed, you must fill out the information on the Closure Information tab. |
| Cancelled | Cancelled | The incident was cancelled. |
