Review the following information and verify that you’ve completed all the tasks for a smooth integration. Below is the list of different user persona defined to access and work with the application:

• Threat Intelligence Analyst (sn_sec_tisc.analyst)
• Threat Intelligence Administrator (sn_sec_tisc.admin)

表 : 1. Entitlements applicable for TISC Roles

Setup

Description

Assign and verify the required ServiceNow AI Platform and Threat Intelligence Security Center roles.

The following roles are required for configuration and verification of the expected results: As an admin, you must install the TISC application from the ServiceNow Store and assign the role as sn_sec_tisc.admin. This sn_sec_tisc.admin role performs the following tasks: Configures the Data Sources to ingest the data. For more information, see Threat Intelligence Feeds. Configured the integrations required for Enriching Observable data in TISC. For more information, see TISC Enrichment Integrations. Configures Data Import Approval Roles for importing data using Import Assistant. For more information, see Working with Data Imports. Configures Threat Score Calculator using required criteria for automatic calculation of Threat Score of observables. For more information, see Define Threat Score Calculator. Configures required Taxonomies and Taxonomy Values. For more information, see Creating Taxonomies. Configure the MITRE ATT&CK repository relevant to your organization. For more information, see MITRE-ATT&CK Repository. 注: As a sn_sec_tisc.admin, you can also assign the sn_sec_tisc.analyst role. The sn_sec_tisc.analyst role performs the following tasks: Views the overview of data in the system using Product Homepage. For more information, see View Threat Intelligence Security Center home page. Import data into system using Import Intelligence button in Threat Library Page. For more information, see Threat Intelligence Security Center Library. Search across the data present in the application using search provided in Threat Library page. Manages the data ingested from various sources in Threat Library. Performs various Enrichment actions on Observables. Creates and Manages Cases. For more information, see Creating cases using Threat Analyst Workbench.