Key insights and configured insights for Security Posture Control
Summarize
Summary of Key insights and configured insights for Security Posture Control
Security Posture Control provides key and configured insights that deliver visual reports to help you monitor security controls metrics on a dashboard. These insights are based on assessment criteria aligned with your assets and policies, enabling effective security posture management within your ServiceNow environment.
Show less
Key Features
- Key insights: These are pre-built visual reports created and updated using policies included with the Security Posture Control application. They appear on the Home landing page in the Security Posture Control workspace and include metrics such as:
- Endpoint protection agent installation status across assets
- Managed versus unmanaged device coverage
- Vulnerability scan coverage comparing scanned versus unscanned assets
- Count of assets with critical vulnerabilities
- Breakdown of vulnerable items by severity, requiring Vulnerability Response and scanner integrations (Qualys, Rapid7, Tenable)
- Top 3 policies ranked by the number of findings on assets
- Configured insights: These allow you to create custom visual reports tailored to your specific needs. You can use built-in policies, custom policies, or a mix of both for assessments. Configured insights are accessible via the Configured insights dashboard module and support multiple widget types:
- Comparison charts to analyze results across multiple policies
- Policy match count widgets showing how many devices match a policy
- Policy match percentage pie charts reflecting the proportion of devices matching a policy
- Policy trend charts to track asset compliance trends over time
- Groups: When creating configured insights, you can organize reports into groups for better dashboard management. Each group can contain up to 21 widgets or insights, improving report organization and accessibility.
Practical Use for ServiceNow Customers
By leveraging key insights, you gain immediate visibility into critical security metrics using out-of-the-box policies. Configured insights empower you to customize reporting to meet your unique security posture requirements, using your own policies or combining them with standard ones. Organizing insights into groups helps maintain a structured dashboard experience for ongoing monitoring and analysis.
To fully utilize vulnerability-related insights, ensure the Vulnerability Response application and at least one supported vulnerability scanner integration are installed. This integration enriches your asset assessments with vulnerability data, enhancing risk management.
Overall, these insights enable you to monitor and respond to security risks effectively, driving improved asset security and compliance within your ServiceNow Security Posture Control implementation.
Key and configured (custom) insights provide you with visual reports that are created and updated by the assessment criteria that match your assets. Insights help you monitor security controls metrics on a dashboard.
Key insights
- Key insights use the policies that are included with the application.
- Configured insights can be created using the policies included with the application, your own custom policies, or a combination of both.
- Endpoint protection agent installed: Total number of assets that have or do not have endpoint protection.
- Managed device coverage: Number of managed assets compared to those that are unmanaged.
- Vulnerability scan coverage: Total number of scanned assets compared to the those that are not scanned for known vulnerabilities by a third-party vulnerability scanner.
- Assets with critical vulnerabilities: Number of assets out of the total number of assets that have critical vulnerabilities.
- Vulnerable items by criticality: Total number of vulnerable items broken down by their severity. A known vulnerability that matches an asset in your CMDB results in a vulnerable item. This insight requires you to install the Vulnerability Response application and at least one scanner integration: Qualys, Rapid7, or the Tenable Vulnerability Integration. All these applications are available on the ServiceNow® Store.
- Top 3 policies by findings: Policies that return the most findings (matches) on your assets.
Configured insights
You can create your own insights if you want more information not found in the Key insights. You can create these configured insights and use existing policies or your own custom policies for assessment. Your configured insights are displayed on the Configured insights dashboard module, the second icon from the top in the workspace.
Following types of insights can be configured.
- Comparison chart: Compare results between multiple policies with bar charts.
- Policy match count widget: View the number of devices that match a policy.
- Policy match percentage chart: View the percentage of devices that match a policy in a pie chart. You can choose the total asset pool as either all the assets monitored by SPC or the assets that match the base policy from which the current selected policy is created.
- Policy trend chart: View the trends of assets that match various policies.
See Create and activate a configured insight for Security Posture Control for more information about the steps for creating a configured insight.
Groups
You must create or assign groups to your configured insights when you create new records in the Custom insight builder module. Groups allow you to organize your reports on the Configured insights dashboard.
Insights can be organized into groups. Each group can have 21 widgets or insights.