Build agents usecase #3 AntiGravity, Kiro and IBM Bob to build a Context based SecOps MCP

VaranAwesomenow
Mega Sage

Use AntiGravity to understand the ServiceNow SecOps Configuration Compliance process guide. It generated the RDF below; once I rendered this in IBM ICA Context Studio, it created the following:

 

VaranAwesomenow_0-1779552474622.png

 

<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
         xmlns:owl="http://www.w3.org/2002/07/owl#"
         xmlns:cc="http://ibm.com/ica/secops/cc#">

    <owl:Ontology rdf:about="http://ibm.com/ica/secops/cc">
        <rdfs:label>ServiceNow Configuration Compliance Schema</rdfs:label>
        <rdfs:comment>Schema for ServiceNow SecOps Configuration Compliance generated for IBM ICA based on the Process Guide.</rdfs:comment>
    </owl:Ontology>

    <!-- Core Entities -->
    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#ConfigurationItem">
        <rdfs:label>Configuration Item (CI)</rdfs:label>
        <rdfs:comment>A logical or physical resource in the ServiceNow CMDB. Contains supporting information like ownership and relationships to other CIs.</rdfs:comment>
    </owl:Class>

    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#ConfigurationTest">
        <rdfs:label>Configuration Test</rdfs:label>
        <rdfs:comment>A mechanism to check asset compliance against policies or specific technical controls.</rdfs:comment>
    </owl:Class>

    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#TestResult">
        <rdfs:label>Test Result</rdfs:label>
        <rdfs:comment>Represents the status of the latest execution of a Configuration test on a Configuration Item (CI + Configuration Test = Test Result).</rdfs:comment>
    </owl:Class>

    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#RemediationTask">
        <rdfs:label>Remediation Task</rdfs:label>
        <rdfs:comment>A single unit of work representing a collection of similar Test Results, previously known as a Test Result Group.</rdfs:comment>
    </owl:Class>

    <!-- Policy & Governance -->
    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#Policy">
        <rdfs:label>Policy</rdfs:label>
        <rdfs:comment>Defines how a class of technology assets should be governed.</rdfs:comment>
    </owl:Class>

    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#Control">
        <rdfs:label>GRC Control</rdfs:label>
        <rdfs:comment>Internal Policy Statements from ServiceNow GRC Policy and Compliance that define a Control applied to the assets.</rdfs:comment>
    </owl:Class>

    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#AuthoritativeSource">
        <rdfs:label>Authoritative Source</rdfs:label>
        <rdfs:comment>References to information about known software and hardware configuration issues defining security requirements.</rdfs:comment>
    </owl:Class>

    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#Citation">
        <rdfs:label>Citation</rdfs:label>
        <rdfs:comment>Specific mandates that link tests to authoritative sources.</rdfs:comment>
    </owl:Class>

    <!-- Roles & Responsibilities -->
    <owl:Class rdf:about="http://ibm.com/ica/secops/cc#Role">
        <rdfs:label>Role</rdfs:label>
        <rdfs:comment>Roles defined in the Configuration Compliance process.</rdfs:comment>
    </owl:Class>

    <!-- Object Properties (Relationships) -->
    <owl:ObjectProperty rdf:about="http://ibm.com/ica/secops/cc#hasTest">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#TestResult"/>
        <rdfs:range rdf:resource="http://ibm.com/ica/secops/cc#ConfigurationTest"/>
    </owl:ObjectProperty>

    <owl:ObjectProperty rdf:about="http://ibm.com/ica/secops/cc#hasCI">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#TestResult"/>
        <rdfs:range rdf:resource="http://ibm.com/ica/secops/cc#ConfigurationItem"/>
    </owl:ObjectProperty>

    <owl:ObjectProperty rdf:about="http://ibm.com/ica/secops/cc#groupedInto">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#TestResult"/>
        <rdfs:range rdf:resource="http://ibm.com/ica/secops/cc#RemediationTask"/>
    </owl:ObjectProperty>

    <owl:ObjectProperty rdf:about="http://ibm.com/ica/secops/cc#testsComplianceOf">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#ConfigurationTest"/>
        <rdfs:range rdf:resource="http://ibm.com/ica/secops/cc#Control"/>
    </owl:ObjectProperty>

    <owl:ObjectProperty rdf:about="http://ibm.com/ica/secops/cc#belongsToPolicy">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#ConfigurationTest"/>
        <rdfs:range rdf:resource="http://ibm.com/ica/secops/cc#Policy"/>
    </owl:ObjectProperty>

    <owl:ObjectProperty rdf:about="http://ibm.com/ica/secops/cc#hasCitation">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#ConfigurationTest"/>
        <rdfs:range rdf:resource="http://ibm.com/ica/secops/cc#Citation"/>
    </owl:ObjectProperty>

    <!-- Datatype Properties (Attributes) -->
    <owl:DatatypeProperty rdf:about="http://ibm.com/ica/secops/cc#riskScore">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#TestResult"/>
        <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#integer"/>
        <rdfs:comment>Score from 0 to 100 based on criticality and asset exposure.</rdfs:comment>
    </owl:DatatypeProperty>

    <owl:DatatypeProperty rdf:about="http://ibm.com/ica/secops/cc#riskRating">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#TestResult"/>
        <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#string"/>
        <rdfs:comment>Values include: Critical, High, Medium, Low, None.</rdfs:comment>
    </owl:DatatypeProperty>

    <owl:DatatypeProperty rdf:about="http://ibm.com/ica/secops/cc#targetRemediationDate">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#RemediationTask"/>
        <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#dateTime"/>
    </owl:DatatypeProperty>

    <owl:DatatypeProperty rdf:about="http://ibm.com/ica/secops/cc#state">
        <rdfs:domain rdf:resource="http://ibm.com/ica/secops/cc#RemediationTask"/>
        <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#string"/>
        <rdfs:comment>States: Open, Under Investigation, Awaiting Implementation, Deferred, Resolved, In Review, Closed.</rdfs:comment>
    </owl:DatatypeProperty>

</rdf:RDF>

Complete knowledge graph after uploading the CC process guide

VaranAwesomenow_1-1779553192119.png

 

Example prompts and response

Can you create a simple business requirements to implement waiver process for configuration compliance test results
 
 
 

I'll query the context to understand the current Configuration Compliance process, then create business requirements for implementing a waiver process.

I want to use a tool on the context-studio MCP server:
context-studio
 
Completed
context-broker-hybrid-query
 
Combines semantic similarity and graph relationships for comprehensive context retrieval
"{\n  \"context_id\": \"ctx_be0894ff1ef4\",\n  \"AgentPersona\": \"ServiceNow Business Analyst\",\n  \"query\": \"What is the current process for handling configuration compliance test results, remediation tasks, and exceptions or waivers?\",\n  \"sources\": [\"graph\", \"vector\"],\n  \"vector_params\": {\n    \"top_k\": 10\n  },\n  \"graph_params\": {\n    \"max_depth\": 1,\n    \"limit\": 5\n  }\n}"
 

I'll now query for more specific information about exception handling, risk management, and approval processes to inform the waiver requirements.

I want to use a tool on the context-studio MCP server:
context-studio
 
Completed
context-broker-hybrid-query
Combines semantic similarity and graph relationships for comprehensive context retrieval
 
"{\n  \"context_id\": \"ctx_be0894ff1ef4\",\n  \"AgentPersona\": \"ServiceNow Business Analyst\",\n  \"query\": \"What are the approval processes, state transitions, lifecycle management, and risk scoring mechanisms for test results and remediation tasks? How are exceptions or non-active states handled?\",\n  \"sources\": [\"graph\", \"vector\"],\n  \"vector_params\": {\n    \"top_k\": 8\n  },\n  \"graph_params\": {\n    \"max_depth\": 1,\n    \"limit\": 5\n  }\n}"

Created business requirements for Configuration Compliance waiver process including:

  • Scope Card: Waiver requests for test results with approval workflow, 6 in-scope items, 4 out-of-scope
  • Process Flow: Current 4-step vs. future 8-step waiver workflow
  • Roadmap: Now (MVP in 6-8 weeks), Next (bulk + notifications), Later (GRC integration)
  • 5 User Stories: Request waiver, approve/reject, track waivers, handle expiration, reporting - each with 3-5 acceptance criteria
  • Dependencies: 4 technical, 3 risks with mitigations, 4 open questions
  • Success Metrics: Primary (30% reduction in aged items), 2 secondary, 1 guardrail
  • ServiceNow Details: New waiver table, modified Test Result states, roles, Flow Designer workflow, UI actions, notifications

Ready for stakeholder review and MVP scope approval decision.
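
An added example, not part of the original post and not IBM ICA or ServiceNow code: a structural check that can be run on generated RDF like the schema above before it is loaded into a context store. It uses only the Python standard library; `lint_ontology` and `SAMPLE` are names chosen here, and `SAMPLE` is an abridged excerpt of the posted schema.

```python
import xml.etree.ElementTree as ET

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
RDFS = "{http://www.w3.org/2000/01/rdf-schema#}"
OWL = "{http://www.w3.org/2002/07/owl#}"
XSD = "http://www.w3.org/2001/XMLSchema#"
CC = "http://ibm.com/ica/secops/cc#"

# Abridged excerpt of the RDF posted above (five of its classes, three of its properties).
SAMPLE = f"""<rdf:RDF xmlns:rdf="{RDF[1:-1]}" xmlns:rdfs="{RDFS[1:-1]}" xmlns:owl="{OWL[1:-1]}">
  <owl:Class rdf:about="{CC}TestResult"/>
  <owl:Class rdf:about="{CC}ConfigurationTest"/>
  <owl:Class rdf:about="{CC}Citation"/>
  <owl:Class rdf:about="{CC}AuthoritativeSource"/>
  <owl:Class rdf:about="{CC}Role"/>
  <owl:ObjectProperty rdf:about="{CC}hasTest">
    <rdfs:domain rdf:resource="{CC}TestResult"/>
    <rdfs:range rdf:resource="{CC}ConfigurationTest"/>
  </owl:ObjectProperty>
  <owl:ObjectProperty rdf:about="{CC}hasCitation">
    <rdfs:domain rdf:resource="{CC}ConfigurationTest"/>
    <rdfs:range rdf:resource="{CC}Citation"/>
  </owl:ObjectProperty>
  <owl:DatatypeProperty rdf:about="{CC}riskScore">
    <rdfs:domain rdf:resource="{CC}TestResult"/>
    <rdfs:range rdf:resource="{XSD}integer"/>
  </owl:DatatypeProperty>
</rdf:RDF>"""


def lint_ontology(xml_text):
    """Return dangling domain/range references and classes no property touches."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in generated RDF")
    root = ET.fromstring(xml_text)
    classes = {c.get(RDF + "about") for c in root.iter(OWL + "Class")}
    used, dangling = set(), []
    for kind in ("ObjectProperty", "DatatypeProperty"):
        for prop in root.iter(OWL + kind):
            for end in ("domain", "range"):
                for ref in prop.iter(RDFS + end):
                    target = ref.get(RDF + "resource") or ""
                    used.add(target)
                    if target not in classes and not target.startswith(XSD):
                        dangling.append((prop.get(RDF + "about"), end, target))
    return {"dangling": dangling, "orphans": sorted(classes - used)}


if __name__ == "__main__":
    print(lint_ontology(SAMPLE))
```

Run over the full schema in the post, the same check lists `AuthoritativeSource` and `Role` as classes that no property references.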


2 REPLIES

VaranAwesomenow
Mega Sage

Another example context for the vulnerability management app schema

VaranAwesomenow_0-1779555627163.png

 

VaranAwesomenow
Mega Sage

Response to another prompt.
ServiceNow Configuration Compliance **already includes OOB waiver/exception capabilities**:

**OOB Features Available Now:**
- "Request Exception" UI action with reason, expiration date
- "Deferred" state with 5 substates (Risk Accepted, Fix Unavailable, Mitigating Control in Place, Awaiting Maintenance Window, Other)
- Approval workflow via "In Review" state
- Auto-reopen on expiration
- Configuration Compliance Process Owner approval role
- Basic reporting/filtering

**Recommended Approach: Option B (OOB + Light Enhancements)**
- Use OOB exception process as-is (zero custom development)
- Add 3 enhancements: automated expiration notifications (Flow), waiver metrics dashboard (Report), required compensating controls for High/Critical (Business Rule)
- Timeline: 3-4 weeks vs. 6-8 weeks for custom build
- Fully supported, minimal maintenance

**Key Gap Addressed:** OOB handles 90% of requirements; enhancements add automated notifications and better metrics without rebuilding existing functionality.