14.1.0
Australia, Zurich, Yokohama, Xanadu
Standalone Application
With ServiceNow Security Incident Response, you can manage and automate the life cycle of your security incidents from initial prioritization to containment and resolution. Use the automated workflows to respond quickly and consistently and understand the trends and bottlenecks with analytics-driven dashboards and comprehensive reporting systems.
Integrations with third-party security solutions give you an enterprise-wide view of your security posture. Add orchestration for much faster incident response.
New:
- Ingest security incidents using email parsers, external monitoring, tracking systems, or the service catalog. Consolidate multiple events into a single incident for an efficient response.
- Use the tile-based Security Analyst workspace to quickly and efficiently perform day-to-day security analysis work.
- Employ security automation with third-party cybersecurity solutions to accelerate triage, investigation, containment, eradication, and remediation steps during incident response.
- Use the Security Analyst Playbooks to analyze specific threats step-by-step to orchestrate security automation. Playbooks lead you through a series of tasks and other activities for resolving the threat.
- The User-Reported Phishing feature allows you to create incidents from employees' forwarded phishing emails.
- Perform a post-incident review. Creating knowledge base articles can help with future similar incidents.
- Post-incident review reports provide the setup capability to create multiple report templates and configure those to align with the security incidents.
- Walk through the Security Incident Response setup process using the Setup Assistant in a simple, step-by-step procedure.
- Managed Security Service Providers offer domain-separated implementations of all existing and future integrations, such as Threat lookup, Observable enrichment, and Sighting search based on the user.
New:
- Added granular read and write roles for TISC users.
- Added a read role for GRC users to access related security incidents.
Changed:
- Added ITSM AI Native SKU packaging on access to Problem, Change Management, and On-call schedule features.
- Removed the inventory_user role from sn_si.basic.
Fixed:
- Fixed an issue where the 'Create Security Incident' UI action was visible to ITIL users, but they were not able to create SIRs.
- Fixed inconsistent spacing around the Presence component in the Security Incident record header in SIR Workspace.
- Fixed sn_si_incident state field dropdown displaying blank labels in non-English locales when locale-specific choice list rows are inactive.
- Fixed security tag colors not rendering correctly in SIR Workspace due to missing CSS class definitions for black and blue colors, causing tags to fall back to grey regardless of the configured color.
- Created a new role and ACLs for AI Security and Privacy Incidents in SIR scope.
- Fixed issues with KMF policy shipped OOB in SIR.
- Added form and list view for sn_si_ci_service_cache in SIR.
- Fixed an issue where the phishing email was not appearing as a File-type observable in the created SIR.
- Fixed installation error logs found while installing the Security Incident Response store.
- Fixed an issue where SIR tasks in the "Closed Complete" state were incorrectly changed to "Cancelled" when the parent SIR is closed.
The following Security Operations apps must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Threat Core
Permissions and roles:
- Role required: System Admin (admin) or Security Admin (sn_si.admin)