SIRT Auto Assignment

Go to solution
James234
Kilo Contributor

‎01-03-2019 12:48 AM

Whenever I submit a security incident, it is picking SIRT group as an Assignment Group. Is there a way to change the this group assignment and select something else? Where can I find the setting for it?

0 Helpfuls
  • 1,329 Views
1 ACCEPTED SOLUTION

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee

‎01-03-2019 07:02 AM

Hi James - there is an assignment rule driving the behavior you are seeing here (i.e. SIRs being auto assigned to the SIRT group).

The Assignment Rule here is on the <sn_si_incident> table that needs to be modified.  It is called "SIRT Assignment" - refer to screenshot.

If you change this Assignment Rule to Active = False, you can achieve the behaviour you are looking for by creating a new Assignment Rule with your tailored requirement (i.e. default assignment group for newly created SIRs).  You can use the baseline "SIRT Assignment Rule" as an example / reference, when you create your new Assignment Rule specific to your requirement.

Previous post related to this also found here: https://community.servicenow.com/community?id=community_question&sys_id=ab3673e0db8f5384200f0b55ca9619e9&view_source=searchResult

find_real_file.png

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Alberto Consonn
ServiceNow Employee
ServiceNow Employee

‎01-03-2019 12:56 AM

Hi James,

Depending on your settings in the SIR Administration Configuration screen, you can assign security analysts to security incidents manually; automatically by using a workflow; or automatically by using auto-assignment.

For all the details and how to do it, I would suggest you to read carefully the following official documentation:

Assigning security analysts

If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.

Thank you

Cheers
Alberto

0 Helpfuls

Go to solution
James234
Kilo Contributor
In response to Alberto Consonn

‎01-03-2019 01:05 AM

My question is totally different. I do not want the security incident to be assigned to the SIRT group. I never talked about Assignee or security analyst.

 

Whenever a security incident is created, it is getting assigned to the group : SIRT. I do not want this to happen. I have a new group called Security Tier 1 and I want it to be my default group.

0 Helpfuls

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee

‎01-03-2019 07:02 AM

Hi James - there is an assignment rule driving the behavior you are seeing here (i.e. SIRs being auto assigned to the SIRT group).

The Assignment Rule here is on the <sn_si_incident> table that needs to be modified.  It is called "SIRT Assignment" - refer to screenshot.

If you change this Assignment Rule to Active = False, you can achieve the behaviour you are looking for by creating a new Assignment Rule with your tailored requirement (i.e. default assignment group for newly created SIRs).  You can use the baseline "SIRT Assignment Rule" as an example / reference, when you create your new Assignment Rule specific to your requirement.

Previous post related to this also found here: https://community.servicenow.com/community?id=community_question&sys_id=ab3673e0db8f5384200f0b55ca9619e9&view_source=searchResult

find_real_file.png

0 Helpfuls

Go to solution
James234
Kilo Contributor
In response to andy_ojha

‎01-03-2019 08:03 AM

Thank you sir. I will try it out and see if it works. As of now, this seems to be the perfect solution I am expecting.
0 Helpfuls