List view in SIR Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of List view in SIR Workspace

    The List view in SIR Workspace provides ServiceNow security analysts and managers with a centralized interface to efficiently manage Security Incidents, Response Tasks, Phishing Emails, Assessments, and Shift Handover records. It enables quick access through pre-applied filters and customizable columns, facilitating rapid identification and handling of relevant records.

    Show full answer Show less

    Key Features

    • Security Incidents: View incidents filtered by categories such as Assigned to Me, Assigned to Team, Unassigned, All Open, and All. Analysts can configure columns, assign multiple incidents to users, delete, create new incidents, apply quick filters, refresh the list, and export data in Excel, CSV, JSON, or PDF formats.
    • Response Tasks: Similar functionality to Security Incidents, allowing analysts to manage tasks with filters like Assigned to Me, Assigned to Team, Unassigned, and All Open. Tasks can be assigned, created, filtered quickly, refreshed, and exported.
    • Phishing Emails: Displays all phishing emails sorted by last update. Analysts can report phishing emails directly from the list, delete emails, and export the list in various formats.
    • Assessments: Lists pending and all assessments required for post-incident review, enabling analysts to take necessary actions.
    • Shift Handover Records: Lists records assigned to teams or all records, supporting roles such as Admin, Security Analyst, and Security Manager. Users with appropriate roles can add or modify draft content; others have view-only access.
    • Quick Filters: Easily accessible filters for Security Incidents and Response Tasks that allow analysts to rapidly focus on items needing immediate attention.
    • Personalization: Analysts and managers can tailor list views for Security Incidents, Response Tasks, and Phishing Emails according to their preferences.

    Key Outcomes

    • Improved incident and task management through filtered views and quick actions such as assignment, creation, and bulk closure.
    • Enhanced productivity by enabling analysts to open records in new tabs, apply quick filters, and export data for reporting or offline analysis.
    • Streamlined Shift Handover process with role-based access to create, edit, and view handover records.
    • Efficient phishing email handling, including reporting and deletion directly from the list.
    • Support for post-incident reviews via accessible assessments lists.

    The list view consists of the security incidents, response tasks, phishing emails, and assessments.

    The list view has pre applied filters such as Assigned to Me, Assigned to Team, Unassigned, All Open, All, and so on.

    Using these list categories and filtered lists, analysts can quickly find the required Security Incidents and Response Tasks records that they need to work on.

    To get to the list view, you need to click the list icon (list view icon). When you click a record in a list view, the record opens in a new tab.

    List types

    The following gives you an example view of the lists.

    Landing page list view

    The list pane contains the following sections:

    Table 1. Lists
    List item Description Capability
    Security Incidents View the list of security incidents and navigate to the desired incident to start working on them. The following lists are available:
    • Visible to Me: Security incidents that are visible to the logged in user.
    • Assigned to Me: Security incidents that are assigned to the analyst.
    • Assigned to the Team: Security incidents that are assigned to all the teams that the analysts belongs to.
    • Unassigned: List of unassigned security incidents.
    • All Open: List of all open security incidents.
    • All: List of all security incidents.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more security incident(s) and assign those incidents to the other users.
    • The analyst can delete the security incidents.
    • The analyst can create a new security incident.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of security incidents that needs immediate attention. For more information, see Working with quick filters.
    • The analysts can refresh the list of incidents.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats.
    Shift Handover Records View the list of Shift Handover records. The following lists are available:
    • Assigned to the Team: Shift Handover records that are assigned to all the teams/user groups that the analysts belongs to.
    • All: List of all security incidents.
    		 Shift Handover supports the following three roles:
    • Admin: Shift owner role
    • Security Analyst: Shift analyst role
    • Security Manager: Shift owner role, but doesn't have access to user group to which the Shift Handover record is assigned to.
    • The users with the Shift Owner/Analyst role who are part of the user group in the active shift can add or modify content in the shift handover records in the draft state.
    • The users who don't have the Shift owner/analyst role or are not part of the user group in the active shift can only view the content in the Shift Handover records.
    Response Tasks View the list of response tasks and navigate to the desired response task to start working on them. The list view contains:
    • Assigned to Me: Response tasks that are assigned to the analyst.
    • Assigned to the Team: Response tasks that are assigned to the teams to the analysts belongs to.
    • Unassigned: List of unassigned response tasks.
    • All Open: List of all open response tasks.
    • All: List of all response tasks.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more response task(s) and assign those tasks to other users.
    • The analyst can create a new response task.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of response tasks that needs immediate attention.
    • The analysts can refresh the list of response tasks.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats. For more information, see Export Security Incidents or Response Tasks.
    Phishing Emails View the list of all Phishing emails. The list view will be sorted based on the last update.
    • Report Phishing Email. For more information, see Report Phish Email on how to report a phishing email.
    • Delete phishing emails.
    • Export the phishing emails list view to Excel, CSV, JSON, and PDF formats.
    Assessments View the list of assessments needed to perform post incident review.
    • My pending Assessments: List of pending assessments.
    • My All Assessments: List of all assessments.
    		 Take assessments.