- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2019 12:48 AM
Whenever I submit a security incident, it is picking SIRT group as an Assignment Group. Is there a way to change the this group assignment and select something else? Where can I find the setting for it?
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2019 07:02 AM
Hi James - there is an assignment rule driving the behavior you are seeing here (i.e. SIRs being auto assigned to the SIRT group).
The Assignment Rule here is on the <sn_si_incident> table that needs to be modified. It is called "SIRT Assignment" - refer to screenshot.
If you change this Assignment Rule to Active = False, you can achieve the behaviour you are looking for by creating a new Assignment Rule with your tailored requirement (i.e. default assignment group for newly created SIRs). You can use the baseline "SIRT Assignment Rule" as an example / reference, when you create your new Assignment Rule specific to your requirement.
Previous post related to this also found here: https://community.servicenow.com/community?id=community_question&sys_id=ab3673e0db8f5384200f0b55ca9619e9&view_source=searchResult

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2019 12:56 AM
Hi James,
Depending on your settings in the SIR Administration Configuration screen, you can assign security analysts to security incidents manually; automatically by using a workflow; or automatically by using auto-assignment.
For all the details and how to do it, I would suggest you to read carefully the following official documentation:
If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.
Thank you
Cheers
Alberto
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2019 01:05 AM
My question is totally different. I do not want the security incident to be assigned to the SIRT group. I never talked about Assignee or security analyst.
Whenever a security incident is created, it is getting assigned to the group : SIRT. I do not want this to happen. I have a new group called Security Tier 1 and I want it to be my default group.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2019 07:02 AM
Hi James - there is an assignment rule driving the behavior you are seeing here (i.e. SIRs being auto assigned to the SIRT group).
The Assignment Rule here is on the <sn_si_incident> table that needs to be modified. It is called "SIRT Assignment" - refer to screenshot.
If you change this Assignment Rule to Active = False, you can achieve the behaviour you are looking for by creating a new Assignment Rule with your tailored requirement (i.e. default assignment group for newly created SIRs). You can use the baseline "SIRT Assignment Rule" as an example / reference, when you create your new Assignment Rule specific to your requirement.
Previous post related to this also found here: https://community.servicenow.com/community?id=community_question&sys_id=ab3673e0db8f5384200f0b55ca9619e9&view_source=searchResult
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2019 08:03 AM