URGENT: Security tags in servicenow SecOps not Auto assigning to SIR

Go to solution
Manikandan Subr
Kilo Guru

‎03-04-2020 05:57 AM

Hi, we have created the security tags and set the security tag rule as Category=“Data exposure”. 

So when a security incident is created it needs to automatically set the security tag to Data exposure. After I created the tag, it set the security tag for all the current security incidents however , when I create/update a new Security incident With category Data Exposure it does not auto assign the security tag. What am I missing? How does the security tag auto set to a ticket? 

0 Helpfuls
  • 1,791 Views
1 ACCEPTED SOLUTION

Go to solution
erik_brostrom
Mega Guru

‎04-24-2020 11:22 AM

Had to manually implement a after insert BR for Vul when we did this.

After BR w/ the following:

	var strUtil = new sn_sec_cmn.SecurityTagRulesUtil();
	strUtil.addSecurityTagByRules(current);

I'd double check the ordering on the after business rules as well, make sure its at the end.

^ should help get you started.

View solution in original post

9 REPLIES 9

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎04-24-2020 07:01 AM

@Manikandan Subramanian 

You will need to implements this yourself (Flow, Workflow, Business Rule).  For a BR, model it after "Automatically apply security tags" found on the Observables table.

 

Go ahead and mark this as Helpful or Correct.

 

Go to solution
qcj3
Kilo Guru
In response to Chris McDevitt

‎04-24-2020 11:30 AM

Chris, was this change to functionality announced and we missed it?  Also, why have a section for security tag rules if they don't run?  This appears to me to be a function that is broken.

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to qcj3

‎04-29-2020 06:36 AM

qcj3.... researching.... searching the code I do not see where it applies to SIR. The Doc seems kind of light on this subject 😉

The only place I see where they apply to is Observables. I have reached out internally to see if I can get more detail. 

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to qcj3

‎04-30-2020 12:54 PM

@qcj3 So, I am not sure about change in functionality... but I verified that this will need to build out for it to work. Alex and I then brought it to the right people's attention 🙂

 

0 Helpfuls

Go to solution
erik_brostrom
Mega Guru

‎04-24-2020 11:22 AM

Had to manually implement a after insert BR for Vul when we did this.

After BR w/ the following:

	var strUtil = new sn_sec_cmn.SecurityTagRulesUtil();
	strUtil.addSecurityTagByRules(current);

I'd double check the ordering on the after business rules as well, make sure its at the end.

^ should help get you started.