Checklist for MSIM setup

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Checklist for MSIM setup

    This checklist guides ServiceNow customers through the installation and configuration of the Major Security Incident Management (MSIM) application, version 1.1.1, available on the ServiceNow Store. It ensures all necessary components, roles, and integrations are correctly set up for effective management of major security incidents.

    Show full answer Show less

    Setup and Configuration Steps

    • Application Installation: Confirm that the MSIM application and its dependent applications—including File Explorer Core, Microsoft SharePoint File Explorer Connector, Microsoft Teams Chat Connector, Major Security Incident Response, and Security Incident Response—are installed and activated in the specified order.
    • User Roles Assignment: Assign appropriate MSIM roles such as MSI Administrator, MSI Manager, and MSI Responder to support the incident lifecycle management.
    • Microsoft SharePoint Integration: Set up Microsoft SharePoint version 1.0.0 by establishing Graph and REST connections to ServiceNow. Create or use existing SharePoint sites and document libraries with proper permissions assigned to users and groups.
    • File Explorer Configuration: Configure the Microsoft SharePoint File Explorer Connector, including repository drive setup, folder and file action settings, and folder templates tailored for different major incident types.
    • Microsoft Teams Chat Connector Setup: Establish connections and credentials between Microsoft Teams and ServiceNow AI Platform to enable chat integration. Create chat channel templates as needed.
    • MSIM Administration Configuration: MSI Administrators should configure incident proposal and promotion settings, notification enablement, editable template messages, and security tags to distinguish incident statuses.
    • Notification Settings: Configure email notifications to alert relevant users and groups when an incident is proposed or promoted, ensuring timely communication throughout the incident management process.

    Practical Benefits

    Following this checklist enables ServiceNow customers to:

    • Ensure a seamless setup of the MSIM application with all required integrations and components.
    • Assign proper roles to manage security incidents effectively across their lifecycle.
    • Leverage Microsoft SharePoint and Teams integrations for enhanced collaboration and document management.
    • Customize notification and administration settings to align with organizational security incident workflows.

    Before using the ServiceNow® Major Security Incident Management (MSIM) application, download the application from the ServiceNow® Store.

    Track your progress with the setup, installation, and configuration from the following table.

    Note:
    The roles assigned for Major Security Incident Management application are listed in the further following sections, for more information, see Major Security Incident Management roles.
    Use the following checklist to guide you through the end-to-end steps to install and configure Major Security Incident Management application.
    Table 1. Checklist
    Setup task Description

    Verify that the Major Security Incident Management application is installed and activated from the ServiceNow® Store.

    Major Security Incident Management v1.1.1 is available on ServiceNow® Store.

    Follow these instructions: downloading an application from the ServiceNow Store.

    Verify that the following applications are installed in the given order.

    		 The following applications will be installed by default after you install Major Security Incident Management application in the current application release version:
    • File Explorer Core for Security Operations v1.1.1
    • Microsoft SharePoint File Explorer Connector for Security Operations v1.1.1
    • File Explorer Component for Security Operations v1.0.0
    • Microsoft Teams Chat Connector for Security Operations v1.0.0
    • Chat core for Security Operations v1.0.0
    • Major Security Incident Response v1.1.1
    • Collab Chat EVAM card for MSIM workspace v1.0.0 (This application is set up only for the UI visualizations in the application background for Major Security Incident Management workspace)
    • Task Organizer UI Component for Major Security Incident Management workspace 1.0.0
    • Security Incident Response v12.8.1

    Verify that the user roles are assigned to Major Security Incident as appropriate.

    		 The following roles are involved throughout the incident life-cycle of Major Security Incident remediation process:
    • MSI Administrator [sn_msi.workspace_admin]
    • MSI Manager [sn_msi.workspace_manager]
    • MSI Responder [sn_msi.workspace_responder]
    For more detailed information on each role, see Major Security Incident Management roles.

    Verify that you have successfully setup Microsoft SharePoint v1.0.0 configuration.

    Microsoft SharePoint manages sites, folders, files, groups, and users in Microsoft SharePoint.

    Add Microsoft SharePoint data to your ServiceNow® instance. To do this, you must have to setup Graph and Rest connections.

    For information, see Microsoft SharePoint spoke v1.1.2 documentation on how to setup REST and Graph connections Configuration.

    Establish Graph and REST connection to connect to your ServiceNow® instance from Microsoft SharePoint.

    Verify that you have created a Microsoft SharePoint site to create a document library.

    Create a Microsoft SharePoint site, if required or you can use an existing site to create the document library.

    Verify that you have created a document library under the Microsoft SharePoint site.

    Create a dedicated document library under a new or existing Microsoft SharePoint site.

    Verify that required permissions are provided to the users and assigned to the required user groups in the Microsoft SharePoint.

    Manage access from Microsoft SharePoint site to different users and user groups.

    Verify that you have created and configured Microsoft SharePoint Drive and necessary configuration settings.
    To verify the drive configurations, setup Microsoft SharePoint File Explorer Connector, Folder, and File Actions and Folder Templates:
    Verify that you have successfully established a connection to Microsoft Teams Chat Connector application.

    To establish Microsoft Teams Chat Connector application connection with ServiceNow® instance, follow the procedure explained here: Establish MS Teams Graph connection on ServiceNow AI Platform.

    Verify that you have configured Microsoft teams with ServiceNow AI Platform® instance and created connections and credentials configurations.
    To verify Microsoft Teams configuration with ServiceNow® instance, follow the procedure as explained here:
    Verify that the Major Security Incident Administration - Configuration settings are successful.
    As an MSI Administrator, you must be able to:
    • Determine whether security analysts can propose and promote the incident and link other security incidents.
    • Enable or disable the notifications when an incident is proposed or promoted. Ability to edit default template messages.
    • Configure security tags that appear on the security analyst interface to differentiate the incidents that have been proposed as a major security incident candidate or promoted to a major security incident.
    Verify that the Major Security Incident Administration - Notifications settings are successful. As an MSI Administrator, trigger email notifications when a security incident is proposed and are sent to all those users and groups who are configured to the notifications list. For more information, see Set notification preferences for MSIM.