13.9.0
Zurich, Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
With ServiceNow Security Incident Response, you can manage and automate the life cycle of your security incidents from initial prioritization to containment and resolution. Use the automated workflows to respond quickly and consistently and understand the trends and bottlenecks with analytics-driven dashboards and comprehensive reporting systems.
Integrations with third-party security solutions give you an enterprise-wide view of your security posture. Add orchestration for much faster incident response.
New:
- Ingest security incidents using email parsers, external monitoring, tracking systems, or the service catalog. Consolidate multiple events into a single incident for an efficient response.
- Use the tile-based Security Analyst workspace to quickly and efficiently perform day-to-day security analysis work.
- Employ security automation with third-party cybersecurity solutions to accelerate triage, investigation, containment, eradication, and remediation steps during incident response.
- Use the Security Analyst Playbooks to analyze specific threats step-by-step to orchestrate security automation. Playbooks lead you through a series of tasks and other activities for resolving the threat.
- The User-Reported Phishing feature allows you to create incidents from employees' forwarded phishing emails.
- Perform a post-incident review. Creating knowledge base articles can help with future similar incidents.
- Post-incident review reports provide the setup capability to create multiple report templates and configure those to align with the security incidents.
- Walk through the Security Incident Response setup process using the Setup Assistant in a simple, step-by-step procedure.
- Managed Security Service Providers offer domain-separated implementations of all existing and future integrations, such as Threat lookup, Observable enrichment, and Sighting search based on the user.
New:
- Bulk Closure UI & Backend Implementation
- Shift Handover start & end date, dynamic record mention & count feature functionality
Changed:
- Ability to Link Multiple ITSM Records to SIR Record
Fixed:
- Implement User Presence feature in ServiceNow Security Incident Response SIR/SIT/SR in SIR Workspace.
- Security Incident intermittently fails to load related records in BSM.
- When submitting Security Incident Catalogs that use the variable set sn_si.variable_set in languages other than English, the category of the security incident incorrectly stores the choice label instead of the choice value.
- The regex to detect a link in a phishing email doesn't work.
- The risk score of SIR tickets recalculates when comments are inserted.
- Child Security Incident Cancelled Instead of Closed.
- In dark mode the contrast of the text rendered is too low.
- OOTB, all the PAD flows were in an active state, which is not expected.
- SIRs are not created from SIEM ingestion due to a "Secure Notes" access issue to the Crypto module since the Yokohama upgrade.
- Change integration_source field type from reference to glide_list in sn_si_incident table.
- Security Fixes
The following Security Operations apps must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Threat Core
Permissions and roles:
- Role required: System Admin (admin) or Security Admin (sn_si.admin)