SIRT Auto Assignment

James234
Kilo Contributor

Whenever I submit a security incident, it is picking SIRT group as an Assignment Group. Is there a way to change the this group assignment and select something else? Where can I find the setting for it?

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hi James - there is an assignment rule driving the behavior you are seeing here (i.e. SIRs being auto assigned to the SIRT group).

The Assignment Rule here is on the <sn_si_incident> table that needs to be modified.  It is called "SIRT Assignment" - refer to screenshot.

If you change this Assignment Rule to Active = False, you can achieve the behaviour you are looking for by creating a new Assignment Rule with your tailored requirement (i.e. default assignment group for newly created SIRs).  You can use the baseline "SIRT Assignment Rule" as an example / reference, when you create your new Assignment Rule specific to your requirement.

Previous post related to this also found here: https://community.servicenow.com/community?id=community_question&sys_id=ab3673e0db8f5384200f0b55ca9619e9&view_source=searchResult

find_real_file.png

View solution in original post

5 REPLIES 5

Alberto Consonn
ServiceNow Employee
ServiceNow Employee

Hi James,

Depending on your settings in the SIR Administration Configuration screen, you can assign security analysts to security incidents manually; automatically by using a workflow; or automatically by using auto-assignment.

For all the details and how to do it, I would suggest you to read carefully the following official documentation:

Assigning security analysts

If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.

Thank you

Cheers
Alberto

My question is totally different. I do not want the security incident to be assigned to the SIRT group. I never talked about Assignee or security analyst.

 

Whenever a security incident is created, it is getting assigned to the group : SIRT. I do not want this to happen. I have a new group called Security Tier 1 and I want it to be my default group.

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hi James - there is an assignment rule driving the behavior you are seeing here (i.e. SIRs being auto assigned to the SIRT group).

The Assignment Rule here is on the <sn_si_incident> table that needs to be modified.  It is called "SIRT Assignment" - refer to screenshot.

If you change this Assignment Rule to Active = False, you can achieve the behaviour you are looking for by creating a new Assignment Rule with your tailored requirement (i.e. default assignment group for newly created SIRs).  You can use the baseline "SIRT Assignment Rule" as an example / reference, when you create your new Assignment Rule specific to your requirement.

Previous post related to this also found here: https://community.servicenow.com/community?id=community_question&sys_id=ab3673e0db8f5384200f0b55ca9619e9&view_source=searchResult

find_real_file.png

Thank you sir. I will try it out and see if it works. As of now, this seems to be the perfect solution I am expecting.