on ‎05-05-2018 05:38 PM
Use this article to post questions and discussion during the K18 Security Incident Response Implementation class.
This article will be monitored throughout the two days of pre-conference, so raise questions here!
After pre-conference, please post your questions to the Security Operations Community.
Thanks!
Introduce yourself here, such as:
- name, company, role, duties - who are you, where are you from, what do you do?
- experience and exposure - what is your security/platform knowledge and experience?
- specific objectives - what particular topics are you interested in?
- Josh Bernson, CTO with ITS. Duties: research, recommendation, and implementation of new technologies.
- Experience: Worked with ServiceNow for five years. Implemented SIR multiple times as part of ITS' alpha and beta program, but there is always more to learn.
- I'd like to get better at Threat Intelligence and cover just hear more experiences with the application and platform.
- Intro: Kelly Nicholson, IT Security Manager @ NORCAL Group
- Responsibilities: Evaluate risk to our organization, recommend mitigating security controls, oversee staff who monitor and analyze environment, etc.
- Experience with SN: Customer @ two different companies spanning total of about 7 years. Experience with SN includes ticketing platform & service portal, CMDB, Project Mgmt, Custom Claims Platform, and most recently, SecOps to include SIR and VulnMgmt.
- Objectives: We recently purchased SecOps so I am looking for some hands-on experience within the platform where I can take this back to my company and provide similar training/share knowledge.
- Course Module of Interest:
- Security Incident Integrations & Automating Processes
Kevin Leinenweaver, Systems Engineer with ENS Inc: Senior Implementer for ServiceNow
Experience: Worked for ServiceNow for 3 years then moved to a partner for the past 1.2 years.
Objectives: Interested in so many things, it's hard to count!
Ron Price, Senior Solutions Consultant; CareWorks Tech - a Silver ServiceNow implementation partner
Experience: ServiceNow user for 4 years; Implementation partner for the last 2 1/2 years
Objectives: Gain understanding of SIRI to be able to assist our customers as well as potential tie-ins to GRC
Michael Rotboell Sjoegreen, KPMG Denmark, Solutions Architect.
Worked with ServiceNow since 2012, first 3 years as a customer, then as a partner.
I have been all over the place regarding ServiceNow and Applications; for Security Incidents I have made a few custom applications before SecOps was a thing in ServiceNow.
When implementing for clients we are always looking at automations as a way to speed up processes.
- Jason Resendes, Solution Arch, Scalar Decisions - ServiceNow Partner
- 3 years experience with ServiceNow, just starting SecOps in ServiceNow
- To learn more SecOps in ServiceNow
Bob Simmons, Sirius (ServiceNow Partner), IT Service Management Consultant
Experience: No development experience with ServiceNow. Have used it for a few years. Not much experience in Security. Familiar with Security best practices, specifically around patch and vulnerability management.
Objectives: Learn more about SecOps and Security best practices.
George Magallanes, Principal Solutions Architect @AHEAD LLC. (ITSM, ITAM, ITOM, SOM)
30yrs IT
12yrs ITSM
6yrs ServiceNow
Both as a customer and consultant.
- Joshua Brown, ITS Partners, Lead Architect, ServiceNow Platform - Responsible for the service implementation for SecOps and ITSM
- Experience: 5 years of ServiceNow implementation and development, 10 years consulting experience with automation and integration with Security products
- Objectives: Learn more about best practice for SecOps implementations
Himanshu Anand, SIEM engineering and Cyber orchestration engineering lead at EY.
Working with ServiceNow since last year with EY's ServiceNow COE team. Did some POCs with SIR but looking to build on that to learn what are the key steps involved for a full scale implementation and get more hands on with the platform.
Mike Bender, Dignity Health, IT Security Analyst - Incident Response
We stood up Security Incident Response in January and I'm (slowly) being groomed to be the admin. I've been in security as a whole for just over two years.
I'm specifically looking for best practices and recommendations to enhance our current implementation, while also limiting how often we rely on contractors to build out the platform for us.
- Vikas Kapoor, ServiceNow Practice Lead at Jade Global - ServiceNow Services Partner
- Been involved with ServiceNow since 2016
- My objective from this session is to understand SIRI processes to be able to assist our customers and provide structured solutions
- name, company, role, duties - Tom Russo, Accenture Federal Services, Solutions Platform Architect
- experience and exposure - Been working with ServiceNow since Eureka. Executed implementation of ITSM, HR, many agency specific custom applications supporting internal, external, and public users, as well as integration with many third party software using APIs using MuleSoft to exchange data.
- specific objectives - Learn what gaps ServiceNow security and incident response will fill in a market full of SECOP tools.
- Miguel Sandoval, direktgruppe, IT System Consultant - Germany, implementing ServiceNow
- 4 years experience with ServiceNow - no experience in SecOps
- I am curious about Security Incident and want to learn more about it and how to implement it the best way
- name, company, role, duties - Shawn Dinis, Solution Consultant, Scalar Decisions - ServiceNow Partner
- experience and exposure - 3 years experience with ServiceNow. ITSM, ITOM and now getting into SecOps.
- specific objectives - Learn more about Security Incident in ServiceNow
Quinn Fawcett, Consultant working with Kansas City Southern Railroad, chief architect / development lead
Working with ServiceNow since 2009. Worked as a technical consultant for ServiceNow PS from beginning of 2012 to end of 2014.
KCSR is implementing Security Incident Response and Vulnerability Response in 2018. Want to understand as much as possible about how to implement these applications.
BRACE CHANGE!!!
Loni Taylor, Senior Programmer working at Spring ISD in Houston, Texas.
Control all district applications programming, maintenance, data integration and primary admin for District ServiceNow implementation. Working with ServiceNow two years, some security experience.
Looking forward to learning more implementation and SecOps with ServiceNow.
- Vishal Khandve, Capgemini India, Senior Analyst
- 1 year of experience with ServiceNow, just starting SecOps in ServiceNow
- To learn more SecOps in ServiceNow
SANS stands for SysAdmin, Audit, Network and Security
Source: https://en.wikipedia.org/wiki/SANS_Institute
This shows support for Splunk Cloud.
https://splunkbase.splunk.com/app/3192/
And this one only supports Splunk Enterprise: https://splunkbase.splunk.com/app/3921/
Heads up: Digital Shadows is not available to Express users, so if you haven't updated yet, you'll need to preview other options.
Link to Dave's "curl" page: http://quark.tombstones.org.uk/curl.php
Enjoy!
(download the source code here)
Here are the steps to change the workflow task output challenge.