The Security Incident Response integration with Proofpoint allows security operations center (SOC) analysts to generate Now Platform® Security Incident Response (SIR) incidents automatically when certain configured Proofpoint events are captured. Analysts respond to the security incidents that are created with workflows in the Now Platform that automate incident response activities and remediation.
- Proofpoint Events Ingestion, in turn linked to Mailbox, helps to capture events, i.e., click/message types.
- Aggregate Proofpoint events to existing open security incidents so that you don't have to create duplicate security incidents.
- Schedule Proofpoint events ingestion to create security incidents periodically.
- Threat Intelligence.
- Automate Proofpoint Integration status updates for Security Incident Response so that you can create and close security incidents.
Fixed:
- Access permissions for the sn_si.analyst role to ensure read-only access to Event Profiles.
The Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies that are required to support the Security Incident Response product. Install and activate this plugin before you install and activate the other Security Operations applications required by the integration.
Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the order listed below to ensure a smooth installation.
- Security Incident Response
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Threat Intelligence Support Common
- Security Incident Response Workspace