List view in SIR Workspace

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of List view in SIR Workspace

    The List view in the Security Incident Response (SIR) Workspace provides ServiceNow analysts with centralized, filtered lists of Security Incidents, Response Tasks, Phishing Emails, Assessments, and Shift Handover records. It enables efficient navigation, management, and action on security-related work items within the Zurich release.

    Show full answer Show less

    Key Features

    • Predefined Filters and List Categories: Analysts can quickly access categorized lists such as Assigned to Me, Assigned to Team, Unassigned, All Open, and All, facilitating rapid identification and prioritization of relevant records.
    • Security Incidents Management: Analysts can view, configure columns, assign incidents to users, delete, create new incidents, apply quick filters for immediate attention, refresh lists, and export data in Excel, CSV, JSON, and PDF formats.
    • Response Tasks Handling: Similar capabilities exist for managing response tasks including assignment, creation, filtering, refreshing, and exporting to various file formats.
    • Phishing Emails: Analysts can view and sort phishing emails by last update, report phishing emails directly from the list, delete phishing emails, and export the list data.
    • Assessments: Lists pending and all assessments to support post-incident reviews, allowing analysts to take required assessments efficiently.
    • Shift Handover Records: Provides views of shift handover records assigned to teams or all records, with role-based permissions for creating, editing, or viewing content depending on analyst roles and team membership.
    • Quick Filters: Easily accessible filters on Security Incidents and Response Tasks lists allow rapid narrowing of work items needing immediate attention without using advanced filtering.
    • Personalization: Security analysts and managers can customize list views for Security Incidents, Response Tasks, and Phishing Emails to suit individual preferences and workflows.

    Key Outcomes

    • Enhanced productivity through quick access to categorized and filtered security work items.
    • Improved collaboration by enabling assignment and reassignment of incidents and response tasks among analysts and teams.
    • Streamlined phishing email handling and reporting directly from the list view.
    • Efficient shift handover processes with clear role-based access and editable records.
    • Capability to export data for reporting and analysis, supporting broader security operations and compliance needs.

    The list view consists of the security incidents, response tasks, phishing emails, and assessments.

    The list view has pre applied filters such as Assigned to Me, Assigned to Team, Unassigned, All Open, All, and so on.

    Using these list categories and filtered lists, analysts can quickly find the required Security Incidents and Response Tasks records that they need to work on.

    To get to the list view, select the list icon (list view icon). When you select a record in a list view, the record opens in a new tab.

    List types

    The following gives you an example view of the lists.

    Landing page list view

    The list pane contains the following sections:

    Table 1. Lists
    List item Description Capability
    Security Incidents View the list of security incidents and navigate to the desired incident to start working on them. The following lists are available:
    • Visible to Me: Security incidents that are visible to the logged in user.
    • Assigned to Me: Security incidents that are assigned to the analyst.
    • Assigned to the Team: Security incidents that are assigned to all the teams that the analysts belongs to.
    • Unassigned: List of unassigned security incidents.
    • All Open: List of all open security incidents.
    • All: List of all security incidents.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more security incident(s) and assign those incidents to the other users.
    • The analyst can delete the security incidents.
    • The analyst can create a new security incident.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of security incidents that needs immediate attention. For more information, see Working with quick filters.
    • The analysts can refresh the list of incidents.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats.
    Shift Handover Records View the list of Shift Handover records. The following lists are available:
    • Assigned to the Team: Shift Handover records that are assigned to all the teams/user groups that the analysts belongs to.
    • All: List of all security incidents.
    		 Shift Handover supports the following three roles:
    • Admin: Shift owner role
    • Security Analyst: Shift analyst role
    • Security Manager: Shift owner role, but doesn't have access to user group to which the Shift Handover record is assigned to.
    • The users with the Shift Owner/Analyst role who are part of the user group in the active shift can add or modify content in the shift handover records in the draft state.
    • The users who don't have the Shift owner/analyst role or are not part of the user group in the active shift can only view the content in the Shift Handover records.
    Response Tasks View the list of response tasks and navigate to the desired response task to start working on them. The list view contains:
    • Assigned to Me: Response tasks that are assigned to the analyst.
    • Assigned to the Team: Response tasks that are assigned to the teams to the analysts belongs to.
    • Unassigned: List of unassigned response tasks.
    • All Open: List of all open response tasks.
    • All: List of all response tasks.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more response task(s) and assign those tasks to other users.
    • The analyst can create a new response task.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of response tasks that needs immediate attention.
    • The analysts can refresh the list of response tasks.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats. For more information, see Export Security Incidents or Response Tasks.
    Phishing Emails View the list of all Phishing emails. The list view will be sorted based on the last update.
    • Report Phishing Email. For more information, see Report Phish Email on how to report a phishing email.
    • Delete phishing emails.
    • Export the phishing emails list view to Excel, CSV, JSON, and PDF formats.
    Assessments View the list of assessments needed to perform post incident review.
    • My pending Assessments: List of pending assessments.
    • My All Assessments: List of all assessments.
    		 Take assessments.