Security posture dashboards

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Posture Dashboards

    The Security Posture Dashboards provide a centralized view for monitoring key security performance indicators (KPIs) across your ServiceNow instances. Users can access these dashboards through the Security Center, where they can analyze various aspects of instance security through customizable widgets.

    Show full answer Show less

    Key Features

    • At a Glance: Displays overall security metrics including compliance scores, customer actions due soon, and antivirus activity.
    • Users Section: Provides user statistics such as total users, active users, and counts of privileged accounts, offering insights into user activity and security posture.
    • Login Protection: Tracks failed login attempts, especially from privileged accounts, and identifies accounts lacking multi-factor authentication (MFA).
    • Instance Hardening: Lists recommended security settings to enhance instance security, highlighting priority and potential impact.
    • Data Protection: Offers insights into classified data, including personally identifiable information (PII) and tracks data exports.
    • All Instances View: Allows users to monitor the security posture of both production and non-production instances from a single dashboard.
    • Dashboard Customization: While the main dashboard cannot be modified, users can duplicate it for customized use.

    Key Outcomes

    By utilizing the Security Posture Dashboards, ServiceNow customers can effectively monitor and manage their security environment, ensure compliance, and quickly identify potential vulnerabilities. This proactive approach aids in maintaining a robust security posture and enables informed decision-making regarding security measures across multiple instances.

    Use the customizable single and multi-instance security posture dashboards to monitor your security KPIs. These dashboards consolidate the important information regarding the security of your instances in a single location and include a number of base system dashboard widgets.

    Accessing the Security posture dashboards

    To access the Security posture dashboard, open Security Center by navigating to All > Security Center. Select Security posture console in the Security consoles section. On the Security posture console page, select Security posture dashboards at the top.

    Use the down arrow next to Security posture dashboard to switch between instance dashboards.

    Change dashboard drop-down

    The dashboard is divided into multiple sections containing widgets related to an aspect of instance security. Select any widget on the dashboard to view more detail on this aspect of your instance's security.

    At a glance

    At a glance

    The At a glance section displays an overview of security on an instance, such as a compliance score, Customer Actions due, and release information for the instance.

    Compliance score
    Displays your instance compliance score percentage over time, beginning with the date sown at the bottom of the widget. Select this widget to navigate to the Hardening compliance score trend.
    Metric threshold alerts for me
    Displays a count of Metric threshold event [n_vsc_metric_threshold_event] records assigned to the current user. Select this widget to navigate to a list of these records.
    Metric threshold alerts for everyone.
    Displays a count of unassigned Metric threshold event [n_vsc_metric_threshold_event] records. Select this widget to navigate to a list of these records.
    Customer actions due soon
    Displays a count of customer actions due soon. Select this widget to navigate to Customer Actions.
    Antivirus downloaded files
    Displays a count of files uploaded to your instance that have been quarantined. Select this widget to view these quarantined files in the Antivirus section of Security metrics.
    Release version
    Displays the family version of the instance and the date of the last instance update.

    Users

    Users

    The Users section provides information on the users in your instance. The widgets on this section show user information, and a line graph showing changes to this information over time. Select a widget to view more detail.

    Total users
    Displays a count of users on your Users [sys_user] table. Select this widget to see details on these records in the Active Sessions section of Security metrics.
    Active users
    Displays a count of active users on your Users [sys_user] table. Active users are user records where the Active field is selected. Select this widget to see details on these records in the Active Sessions section of Security metrics.
    Active integration accounts
    Displays a count of integration accounts on your Users [sys_user] table. Integration accounts are user records where the Web service access only field is selected. Select this widget to see details on these records in the Active Sessions section of Security metrics.
    Active privileged accounts
    Displays a count of active privileged users on your Users [sys_user] table. Privileged users are user records where the Active field is true, the Internal Integration User is false, and Internal Integration User is inactive. Select this widget to see details on these records in the Active Sessions section of Security metrics.
    Never logged-in users
    Displays a count of users on your Users [sys_user] table created in the last 60 days, and have no value in the Last login time field. Select this widget to see details on these records in the Active Sessions section of Security metrics.

    Login protection

    Login protection

    The Login protection section includes information on failed logins, including failed login attempts for privileged users. These widgets include a line graph showing changes to this information over time. Select a widget to view more detail.

    Failed user logins
    Displays a count of failed user login attempts. Select this widget to navigate to see details on failed logins in Security metrics.
    Failed privileged user logins
    Displays a count of failed user login attempts from privileged accounts. Privileged users are user records where the Active field is true, the Internal Integration User is false, and Internal Integration User is inactive. Select this widget to navigate to see details on failed logins in Security metrics.
    Privileged logins without MFA
    Displays a count of privileged accounts that aren’t configured for multi-factor authentication (MFA). Select this widget to navigate to see a list these accounts in Security metrics.
    REST APIs without API access policy
    Displays a list of REST APIs that aren’t restricted with an API access policy. Select this widget to navigate to see a list these REST APIs in Security metrics.

    Instance hardening

    Instance hardening

    The Instance hardening section contains recommended hardening security settings that you can change to improve instance security. Use this section to see the priority and potential impact of these changes.

    Instance trends

    Instance trends

    The Instance trends dashboard displays the results of the access controls auditor scan suite.

    Data protection

    Data protection

    Use the Data protection section to see an overview of classified data, such as personally identifiable information (PII). The dashboard also tracks exports of classified data.

    Classified data
    Displays a pie chart of classified data on your instance, separated by type. Select a section of the chart to view details on these records. For details on data classification, see Data classification.
    Classified data exports
    Displays a count of classified records that have been exported from your instance. Select this widget to see a list of classified exports in the Export section of Security metrics.
    Total table columns
    Displays a count of all columns(fields) in tables on your instance. Select this widget to review these columns in the Data Classification section of Security metrics.
    Encrypted PII classified columns
    Displays a count of encrypted records classified as Personally Identifiable Information (PII). Select this widget to review these records in the Data Classification section of Security metrics.
    Total PII classified columns
    Displays a count of all records classified as Personally Identifiable Information (PII). Select this widget to review these records in the Data Classification section of Security metrics.

    Review multiple instances

    Multi-instance view of the security posture dashboard

    View the security posture of your non-production instances without leaving your production instance using the All instances tab at the top of the dashboard. The All instances tab displays a condensed version of the same information as the This instance tab, but also includes data from all your non-production instances.

    By default, the All instances tab displays information on the production instance you’re logged in to, and all non-production instances across all your production environments.

    You may add or remove instances that appear on this dashboard by modifying your trust configuration. Providing data visibility between instances allows them to appear within your dashboard. For details on this process, see Basic trust configuration for data sync applications.

    Dashboard customization

    The instance security posture dashboard can’t be customized, but you can duplicate the dashboard by selecting the More Actions (More actions) icon and selecting Duplicate. You can change the duplicate dashboard.