View Major Security Incident impact metrics
Summarize
Summary of View Major Security Incident impact metrics
This feature provides ServiceNow customers with real-time, comprehensive reporting on the impact and status of major security incidents (MSI) within the Major Security Incident Management (MSIM) workspace. It helps incident managers track the scope, progress, and key milestones of significant security events through intuitive dashboards and a dynamic timeline.
Show less
Key Features
- Overview Tab Metrics: Displays a consolidated view of affected assets, users, locations, and team resources tied to the incident, alongside a timeline of significant incident milestones.
- Timeline Component: Horizontally visualizes key events and milestones during the incident lifecycle. It is accessible across all MSIM workspace tabs and supports collapsing/expanding for ease of use.
- Event Types & Filters: Events such as record updates and collaboration activities are categorized with icons. Customers can filter event types on the timeline to customize visibility.
- Duration Counters: Track elapsed time since incident detection, estimated resolution date, and schedule of next update, which can be edited directly from the interface.
- Executive Summary: Allows users to create, edit, and copy a concise summary describing the incident, with associated user and timestamp information.
- Incident Impact Details: Enables drill-down navigation from aggregate counts to detailed views of impacted assets, users, locations, and related incident tasks, including task type, assignment, and status.
- Creating Custom Timeline Events: Users can add new timeline events manually to capture important milestones or activities not automatically recorded, specifying title, category (Custom, Response, Threat), timestamp, and description.
- Timeline Controls: Features include zooming in/out on the timeline, refreshing events, toggling event visibility per type, and displaying a legend for event icons.
Practical Benefits
By leveraging these impact metrics and timeline visualizations in the MSIM workspace, ServiceNow customers can:
- Maintain an accurate and up-to-date understanding of incident scope and progression.
- Effectively communicate incident status and key developments to stakeholders.
- Improve decision-making with clear visibility into affected resources and timeline milestones.
- Customize incident tracking by adding manual events for comprehensive documentation.
- Navigate quickly between high-level summaries and detailed incident task information.
Related Capabilities
This functionality integrates with other major security incident processes such as proposing and linking incident records, viewing incident trend charts, managing tasks, tracking collaboration activity, and generating status reports—all accessible within the MSIM workspace for efficient incident management.
Provides up-to-date summary reporting of the impact and progress of major security incidents, which is an important aspect of managing a major security incident using the new workspace.
The Overview tab provides the relevant metrics to manage both the scope and progress of the incident, including a rollup of affected assets, users, locations, and team resources, as well as the timeline of significant incident milestones.
Timeline provides a horizontal view of key events and milestones that have occurred as part of the specific major security incident resolution. The timeline component is displayed on top of all the Major Security Incident Management workspace tabs with an ability to collapse and expand for viewing as required. The events data represented will be updated and refreshed whenever designated milestone events or milestones are added or updated.
Each event or milestone is indicated with a different timeline event type option to identify the number and type of events or milestones. For example NOW record updates, collaboration activities. In addition, the time range period for the different major security incident states is tracked automatically and displayed using color-coded ranges displayed along with the duration of each incident state.
| Task | Description |
|---|---|
| Executive Summary | A brief summary of the major security incident along with the user name, user role, and timestamp details.
|
| Incident Impact | These components display the impacted resources based on a rollup of all active tasks and linked incidents with identified assets, users, locations, and assigned team members. The impacted resources are:
Selecting the number values enables you to drill down and navigate to the impacted assets, users, and location details and displays the related tasks on the Incident Impact tab of the workspace. Based on your selected incident impact type link, the related incident details such as task type and its description, assignment group and incident state are displayed in the tab of the MSIM workspace. |
| Duration counters | These components display the duration of the major security incident. The impacted resources are:
|
You can enable or disable viewing of certain event types for both timeline indicators and timeline ranges accordingly using the filter toggle buttons.
| Task | Description |
|---|---|
| New Event | Creates new custom events and associates these events to the MSI record. This helps in creating events for both past and future dates that might not otherwise get captured via a labeled task, record state change, or labeled collaboration activity, which are displayed by default on the timeline. |
| Refresh | Refreshes the Timeline events to display the latest updates. |
| Timeline Indicators | Lists the various types of events such as Now Record field changes, Labeled Collaboration Activities, and Other (custom), along with the icons and total number of events that occurred with respect to each event type indicator. The slide indicator enables you to enable or disable all events for a specific event type. |
| Show Legend | Select to display the drop-down legend with different types of timeline indicators. |
| Timeline progress bar | Displays the overall progress of the incident via designated timeline events or milestones that are occurred within the different timeline ranges displayed. You can also link an Event type to an Event category. After you link it, the Event details get updated at both places on the timeline. |
| Timeline ranges | Displays various incidents state types and duration as the incident progresses throughout the full major security incident life-cycle. Enable or disable a specific event based on the incident state. |
Create a Timeline event
- In the Overview tab, navigate to the Timeline section.
- Select .
- On the Add a new timeline event pop-up, fill the fields.
Figure 3. New Timeline event Task Description Title Enter the title for the timeline event. Category Select a category for the timeline event. The following categories are provided as a part of the base system, and you can choose one based on your requirements.- Custom.
- Response.
- Threat.
To add or configure a Timeline event category, see Configure timeline categories for major security incidents.
Timestamp Select the date and time of the timeline event using the Timestamp calendar. You can add events to the Timeline before and after the start date. Description Provide a brief description about the timeline event. Linked to Option to link the timeline event to a major security incident record. - Select .
- You can use Zoom in and Zoom out icons to zoom in or out on the timeline progress bar, which includes displaying individual events when numbers are displayed to represent
several events in close time proximity.
You can also add the default zoom level to show all events.
- Select the Refresh icon to display the latest timeline events.