Operational Technology Security Incident Response (OT SIR) extends Security Incident Response with OT-specific context and workflows, enabling organizations to effectively investigate and respond to security incidents affecting industrial environments. It enriches security incidents with operational context such as Sites, Equipment Model Entities (EMEs), and OT Configuration Items, helping analysts understand the potential operational impact of an incident. By providing OT-focused incident views, investigation capabilities, and response actions such as OT Change Requests, OT SIR enables security and operations teams to collaborate more effectively and respond to threats before they impact production, safety, or business continuity.
- Dedicated OT Security Incident view to help analysts quickly identify and prioritize incidents impacting OT configuration items within the SIR workspace.
- OT context enrichment for security incidents through OT Configuration Items, Equipment Model Entities (EMEs), site information, and other OT asset attributes to improve investigation and impact assessment.
- Seamless navigation from SIR to Industrial Workspace using the "View in OT Equipment Model Entity" action, enabling analysts to access additional operational context and configuration item relationships.
- Ability to create OT Change Requests from Security Incidents and Response Tasks, enabling coordinated remediation and response actions for OT environments.
- Unified visibility of Security Incidents and Response Tasks within the Industrial Workspace, allowing SOC analysts and OT teams to collaborate using a shared operational view.
Initial release (cGTM)
- Required plugins and products
- Dependencies
- Operational Technology Manager
- Industrial Process Manager
- Security Incident Response
Requires the Operational Technology Change Management application from the ServiceNow Store to create OT Change Requests. This dependency is optional and only needed if OT Change Request creation is required.