Mobile Experience for Security Incident Response
Summarize
Summary of Mobile Experience for Security Incident Response
The Security Incident Response (SIR) Mobile app enables ServiceNow customers to manage their Security Operations Center (SOC) tasks directly from Android or iOS devices. Designed for SOC managers and users with the security analyst role (snsi.analyst), the app provides access to critical security incidents and response tasks, allowing users to stay informed and act promptly on cyberthreats to their organization.
Show less
Key Features
- Incident and Task Management: View, edit, and assign critical security incidents and response tasks from your mobile device.
- Notifications: Receive detailed alerts for security incidents and tasks that meet predefined notification criteria, ensuring timely awareness of critical events.
- Incident Groupings and Filters: Access groups of incidents or tasks organized by predefined queries or filters for efficient prioritization.
- Detailed Incident Information: View work notes, related lists, and update incidents by adding notes or attachments.
- Assignment Capabilities: Assign incidents to yourself or other security team members to facilitate workflow.
- Related Lists Access: When available, view related configuration items, affected users and services, child and similar security incidents, observables, response tasks, task SLAs, and attachments (not all supported on the AI Platform).
Practical Use and Setup
After installing the Security Incident Response core application and the Mobile app on your ServiceNow AI Platform instance, the app icon appears on your mobile device. The app interface organizes content into folders such as Security Incidents and Incident Response Tasks, with applets representing various management functions within these folders.
Detailed setup instructions and login procedures are available to help you configure the app and connect securely to your ServiceNow AI Platform instance.
Benefits for ServiceNow Customers
- Enables continuous SOC operations and incident management on the go.
- Improves responsiveness to security incidents through mobile notifications and real-time access.
- Supports collaboration within security teams by allowing incident reassignment directly from mobile devices.
- Provides a streamlined mobile interface that aligns with core Security Incident Response capabilities.
Use your Android or iOS mobile device to manage your security operations center (SOC) tasks.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Security Incident Response
If you’re unfamiliar with the basic concepts of the Security Incident Response ( SIR) product on your ServiceNow AI Platform® instance, see Security Incident Response Overview dashboard for more information about threat intelligence and how this product can help you prioritize and resolve cyberthreats to your organization.
Mobile experience for SIR overview
As a security operations center (SOC) manager or a user with the ServiceNow AI Platform security analyst role (sn_si.analyst), you can log in to a ServiceNow AI Platform instance directly from your mobile device. With the Security Incident Response Mobile app, you can view, edit, and assign your most current and critical SIR security incidents and response tasks. Notifications inform you when critical security incidents assigned to you arrive.
- View a list of critical security incidents and response tasks.
- Receive detailed notifications for security incidents and tasks that meet pre-defined notification criteria.
- View groupings of security incidents or tasks that are based on a pre-defined set of queries or filters.
- View the work notes and related lists of security incidents.
- Update security incidents and add work notes or attachments.
- Edit the fields on security incidents.
- Assign security incidents to yourself or to other members of your security team.
When they’re populated, you can view the following related lists on SIR security incidents with the Security Incident Response Mobile app:
- Configuration Item
- Affected User
- Affected Services
- Child Security Incidents
- Similar Security Incidents (not support by ServiceNow AI Platform)
- Observables
- Response Tasks
- Tasks
- Task SLA
- Attachments (not support by ServiceNow AI Platform)
The following figure illustrates how you log into your ServiceNow AI Platform instance from your mobile device and the structure of the landing screen of the Security Incident Response Mobile app that is displayed after you log in.
For step-by-step instructions about how to set up your ServiceNow AI Platform instance and install the Security Incident Response Mobile app, see Set up checklist for the Security Incident Response Mobile app. For instructions about how to log in, see Log in to the Security Incident Response Mobile app.
- Applications
- Applications are the ServiceNow® software components such as Security Incident Response (SIR), Vulnerability Response
(VR), Governance, Risk, and Compliance (GRC) that provide specific features and
functionalities within your ServiceNow AI Platform instance. After you install the Security Incident Response core application and the Security Incident Response Mobile app on
your ServiceNow AI Platform instance, the icon for the core application is displayed on the
bottom of your Android or iOS mobile device after you log in.
Figure 2. Security Incident Response Mobile app (Security Incidents) icon - Folders
- Each ServiceNow® mobile application contains folders that separate the applets by category. In the preceding image of the landing page, Security Incidents and Incident Response Tasks are folders.
- Applets
- Applets are the different options within the application. The icons under the Security Incidents and Incident Response Tasks sections are the available applets of the Security Incident Response Mobile app.