Exploring Now Assist for Security Incident Response
Your security analysts can use intelligent workflows and ServiceNow generative AI skills to help them triage, investigate, and close security incidents within the flow of their work with the Now Assist for Security Incident Response application.
Now Assist for Security Incident Response overview
With generative AI skills, your security analysts have the option to:
- Summarize security incident details and review the context quickly in a concise, easy-to-read format.
- Generate recommended next steps for a security incident.
- Generate post-incident analysis data.
- Generate closure notes.
- Generate correlation insights
- Generate Security Operation Center (SOC) Performance Analysis
Security analysts can share findings, incident details, and closure notes with other analysts, managers, and key stakeholders.
Now Assist for Security Incident Response users
| User | Description |
|---|---|
| Security analysts and managers | Preview security incident details, see their potential impact, and view the key remediation actions already taken with security incident summaries using generative AI. Summaries and recommended next steps (actions) give analysts and managers a head start with their investigations and help with closing security incidents. Automatically generate a draft of closure notes using generative AI. Closure notes for security incidents are created quickly based on remediation and containment activities, in addition to other relevant details that are related to their closure. |
Now Assist for Security Incident Response benefits
| Benefit | Feature | Users |
|---|---|---|
| Expedite triaging of security incidents with long activity streams by reviewing work notes and contextual information quickly in a concise, easy-to-read format. | Generate summaries for security incidents that include the following information:
|
|
| Automatically generate a draft of closure notes for a security incident when it’s ready for closure. Analysts can modify any content that is generated by the AI skill by editing it, removing it, or adding their own notes before they close the security incident. | Generate security incident closure notes |
|
| Generate recommended next steps within the workflow upon request to help you close a security incident. | Generate security incident recommended actions |
|
| Generate a post-incident analysis that includes a root cause analysis, impact assessment, and lessons learned within the workflow of closing a security incident. | Generate post-incident analysis |
|
| Connect current incidents to past events that involve the same affected users, configuration items (CIs), or observables. | Generate correlation insights |
|
| Gain insight into how efficiently your security analysts are working with security incidents with an AI agent. | Generate Security Operation Center (SOC) Performance Analysis and get suggestions for improvement from an AI agent. Note:
You must activate the Security operations metrics analysis skill if you want to use the Analyze security operations metrics agentic workflow. See Configure and activate a skill for Now Assist for Security Incident Response for more information. |
Security managers |
| Learn about the details of a security incident quickly by accessing summaries and closure notes from the Now Assist panel. | Access the generative AI summary and closure notes from the Now Assist panel. Type in requests for more basic information about security incidents in the panel. |
|
| Customize the generative AI skills for summaries and closure notes to suit your needs. | Copy a skill and modify select related table fields, define the availability of the skill, and choose where the skill is displayed. | admin |
What to explore next
To learn more about configuring and using Now Assist for Security Incident Response, see:
- Configuring Now Assist for Security Incident Response
- Summarize a security incident with Now Assist for Security Incident Response
- Generate closure notes for a security incident with Now Assist for Security Incident Response
- Generate correlation insights with Now Assist for Security Incident Response
- Generate recommended actions for a security incident with Now Assist for Security Incident Response
- Generate a post-incident analysis for a security incident with Now Assist for Security Incident Response
- Inputs and triggers for Now Assist for Security Incident Response
- Using AI agentic workflows in Now Assist for Security Incident Response