ServiceNow® Threat Intelligence lets you find Indicators of Compromise (IoCs) and enrich security incidents with threat intelligence data. Threat Intelligence enables you to access and provide a reference point for your company's Structured Threat Information Expression (STIX™) data. Threat Intelligence also includes Security Case Management, which analyzes threats to your organization posed by targeted campaigns or state actors.
Note: STIX is a language for describing cyber threat information in a standardized and structured manner. Using STIX data and Trusted Automated Exchange of Indicator Information (TAXII™) profiles, threat professionals can use shared cyber threat information to isolate threats that have been previously identified by your company and from other sources. TAXII makes the widespread automated exchange of cyber threat information possible. STIX™ and TAXII™ are trademarks of The MITRE Corporation.
Threat Intelligence is now available only on the ServiceNow® Store.
- Import indicators in STIX™ formats from TAXII™ servers or using API-based ingestion.
- Automatic association of indicators to observables previously identified by your company and from other sources.
- Analyzing threats to the organization by targeted campaigns or state actors using Security Case Management.
Fixed:
- Remove Run Orchestration UI Action from task observable table.
- TISC Sighting Result column is missing in Sightings Search Result table.
- Fixed few issues related to WF to FD migration.
Before you use the Threat Intelligence Support Common, you must install the Security Support Orchestration (com.snc.secops.orchestration) plugin.