• New customers: When you install a Now Assist product, designated skills are turned on automatically.
• Existing customers who are upgrading (starting with Yokohama Patch 11): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive.

• Generate metrics for Security Incident Response (SIR) records for case volume, mean time to assign (MTTA), and mean time to resolve (MTTR) for a date range of your choosing.
• Request suggestions for how to improve MTTR, MTTA, and volume based on your metrics.

• Correlation insights are not limited to the primary configuration item (CI) or affected users associated with a security incident. You can base your correlation insights on any CI or affected user for a security incident.
• You can generate correlation insights from the Investigation tab for a security incident in any state in the Security Incident Response Workspace.
• You can generate insights for multiple items simultaneously for Associated Observables, Configuration items, and Affected Users.
• Results are displayed in a modeless dialog that you can size and move.

The Assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities.

• Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and business services.
• Identify assets with Common Vulnerabilities and Exposures (CVEs).
• Determine the number of active vulnerability items (VITs) that correspond to CVEs. Create watch topics for VIT remediation.

The Analyze vulnerability remediation status agentic workflow enables vulnerability managers to monitor and assess remediation target compliance.

• Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs.
• Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted interventions and smarter resource allocation.

• Analysts can chat with the AI agents in natural language to close the security incidents. The AI agent can cancel the associated response tasks, generate resolution notes, close code, or close notes and post incident analysis (PIA) during incident closure. Analysts can provide feedback on the content and the AI agent can refine the content​ based on the feedback.
• Analysts can also close false positive security incidents with minimal user intervention.

• Generate correlation insights

  Generate correlation insights to connect current security incidents to past events. You can identify the affected users, configuration items (CI)s, or observables (IP addresses and file hashes) from existing incidents and records to help you more quickly triage your new security incidents. Correlation insights are supported in Workspace, the Core UI, and from the Now Assist panel.

• Enhancements to closure (resolution) notes and post incident analysis generation
  Generate resolution notes from the Close the security incident modal or the Now Assist context menu on a security incident record (SIR). You can also generate resolution notes from the Now Assist panel. If you choose the Now Assist context menu, you have the following options to help you refine the generated text:

  • Shorten: Select the text to remove details.
  • Elaborate: Generate more details about the context of a security incident.

  Note:

  Generating resolution notes is supported in Workspace and Core UI. Generating a post incident analysis is supported from the Close the security incident modal in Workspace.