Security Analyst Workspace properties

Release version: Washingtondc

Updated February 1, 2024

3 minutes to read

These system properties are used to configure the Security Analyst Workspace.

There are two types of properties:

Properties that are typically not modified like sys_ids and product keys.
Properties that are modified as required like long poll intervals and user interface configurations.

Note:

The Security Analyst Workspace properties are located at this location: Security Incident > Analyst Workspace Setup > Analyst Workspace Properties.

Table 1. Security Analyst Workspace properties
Property Name	Description
Fields that are hidden by default in the response task banner. sn_app_secops_ui.form.excluded_fields.response_task	Type: string Default value: number short description comments work_notes comments_and_work_notes work_notes_list automation_activity
Fields that are hidden by default in the incident banner. sn_app_secops_ui.form.excluded_fields.incident	Type: string Default value: number short description comments work_notes comments_and_work_notes work_notes_list automation_activity security_tags
Background color style is applied to the fields listed here. sn_app_secops_ui.form.color_coded_fields	Type: string Default value: business criticality impact priority risk_score severity
If true, tables extended from the sn_si_task base response task table, will also have access to email templates created for the base response task table. sn_app_secops_ui.extend.base.response_task.email_templates	Type: true \| false Default value: true
Sets the width of each summary field in each response task banner. sn_app_secops_ui.task_summary.single_summary.width.response_task	Type: integer Default value: 10
Sets the width of each summary field in each incident banner. sn_app_secops_ui.task_summary.single_summary.width.incident	Type: integer Default value: 15
Sets a limit on the number of summary fields allowed in the incident banner. sn_app_secops_ui.task_summary.single_summary.limit.incident	Type: integer Default value: 12
Sets a limit on the number of summary fields allowed in the response task banner. sn_app_secops_ui.task_summary.single_summary.limit.response_task	Type: integer Default value: 12
Sets a limit on the number of summary fields allowed in the first line of the incident banner. sn_app_secops_ui.task_summary.single_summary.limit.incident.first_line	Type: integer Default value: 3
Comma separated list of fields that may have user photos. sn_app_secops_ui.form.user_fields	Type: string Default value: affected_user caller sys_updated_by sys_created_by opened_by closed_by submitted_by
Sets the width of each summary field in each incident peek view. sn_app_secops_ui.task_summary.single_summary.width.incident_peek	Type: integer Default value: 13.5
Comma separated list of fields that display time. sn_app_secops_ui.form.time_fields	Type: string Default value: opened_at sys_created_on sys_updated_on
Controls the frequency (in milliseconds) at which the sighting search results are refreshed. sn_app_secops_ui.poller_interval.search_action	Type: integer Default value: 30000 Minimum: 15000
Controls the frequency (in milliseconds) at which the count or query data is refreshed. sn_app_secops_ui.poller_interval.related_list	Type: integer Default value: 30000 Minimum: 15000
Controls the frequency (in milliseconds) at which the result data is refreshed (for the playbook). sn_app_secops_ui.poller_interval.playbook_tasks	Type: integer Default value: 30000 Minimum: 15000
ID for the Security Operations Integration - Isolate Host workflow. sn_app_secops_ui.workflow.id.isolate_host	Type: string Default value: d72041f1ff203200c68c84648e94fa5e
ID for the Security Operations Integration - Watchlist workflow. sn_app_secops_ui.workflow.id.publish_to_watchlist	Type: string Default value: 35800c0eff343200c68c84648e94fa85
ID for the Security Operations Integration - Block Request workflow. sn_app_secops_ui.workflow.id.block_request	Type: string Default value: 11a6a5270b9032008f9108e3c5673a24
ID for the sn_si_analyst user role. sn_app_secops_ui.roles.id.sn_si.write	Type: string Default value: 66878663ff123100158bffffffffff8d
ID for the sn_si_read user role. sn_app_secops_ui.roles.id.sn_si.read	Type: string Default value: ae878663ff123100158bffffffffff8e
ID for the sn_si_admin user role. sn_app_secops_ui.roles.id.sn_si.admin	Type: string Default value: 22878663ff123100158bffffffffff8d
ID for the Microsoft Exchange - Perform Email Search and Delete workflow. sn_app_secops_ui.email.phishing.manual.workflow	Type: string Default value: ed9f289cc310220031fbdccdf3d3aeb4
ID for the Add to Deny list custom action under the Explore tab in the Security Analyst Workspace. sn_app_secops_ui.explore.action.direct.id.deny_list	Type: string Default value: DENY_e9bd0ac50b632200263a089b37673a0b
ID for the Add to Allow list custom action under the Explore tab in the Security Analyst Workspace sn_app_secops_ui.explore.action.direct.id.allow_list	Type: string Default value: ALLOWLIST_e9bd0ac50b632200263a089b37673a0b
ID for the Run Threat Lookup UI Action. sn_app_secops_ui.explore.action.id.run_threat_lookup	Type: string Default value: da5ff4420b540300263a089b37673ae7
ID for the Threat Lookup integration capability. sn_app_secops_ui.explore.capability.id.threat_lookup	Type: string Default value: 39344d4f0b273200263a089b37673ab1
ID for the Observable Enrichment custom action under the Explore tab in the Security Analyst Workspace. sn_app_secops_ui.explore.action.id.observable_enrichment	Type: string Default value: OBS_ENRICHMENT_54e2f5d60b5003009f66e94685673a1e
ID for the Enrich Observable integration capability. sn_app_secops_ui.explore.capability.id.observable_enrichment	Type: string Default value: 9ad183640b1003009f66e94685673af4
ID for the Publish to Watchlist UI Action. sn_app_secops_ui.explore.action.id.publish_to_watchlist	Type: string Default value: 8ee94002ff743200c68c84648e94faf9
ID for the Block Request UI Action. sn_app_secops_ui.explore.action.id.block_request	Type: string Default value: 7158f6e40b2032008f9108e3c5673adf
ID for the Run Sightings Search UI Action. sn_app_secops_ui.explore.action.id.sightings_search	Type: string Default value: 43f91a6f0b032200b97c67d985673a2c
ID for the Create Child Security Incident UI Action. sn_app_secops_ui.explore.action.id.create_child_incident	Type: string Default value: 5a6882645363530099d5ddeeff7b1272
ID for the Add Security Annotation UI Action. sn_app_secops_ui.explore.action.id.add_security_annotation	Type: string Default value: 1e3a3e723b5332005a9149a4d2efc4eb
ID for the CI Enrichment Custom Action under the Explore tab in the Security Analyst Workspace. sn_app_secops_ui.explore.action.id.ci_enrichment	Type: string Default value: CI_ENRICHMENT_54e2f5d60b5003009f66e94685673a1e
ID for the Isolate Host UI Action. sn_app_secops_ui.explore.action.id.isolate_host	Type: string Default value: d6244e0aff203200c68c84648e94fad3
ID for the Add Multiple Observables UI Action. sn_app_secops_ui.explore.action.id.multiple_observable	Type: string Default value:138de478d78322007a6de294de6103aa
Product key for ag-Grid-Enterprise. sn_app_secops_ui.ag-grid-license	Type: string Default value:ServiceNow_ServiceNow_5Devs2_August_2018__MTUzMzE2NDQwMDAwMA==cedabe1c76ccf28f23aec398ec32997d