Configure Major Security Incident status reports

  • Release version: Xanadu
  • Updated August 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure Major Security Incident Status Reports

    This feature enables ServiceNow customers to create, customize, and generate major security incident (MSI) status reports tailored to their business needs throughout the incident remediation lifecycle. Using the Major Security Incident Management workspace, users with thesnmsi.workspacemanagerrole can build report templates that define the structure, content, and format of status reports. These reports can be shared with key stakeholders such as executives and legal teams to communicate incident progress effectively.

    Show full answer Show less

    Key Features

    • Report Templates: Create templates with sections, subsections, and elements allowing inclusion of fields such as report title, summary, date, progress metrics, challenges, and next steps.
    • Customizable Components: Add visualized data, related lists, branding elements (logos, headers, footers), and filter data by assignment groups or labels.
    • Report Types: Three main report categories are supported:
      • Executive Email (mobile-friendly email format)
      • Executive Status Report (PDF format)
      • Technical Status Report (PDF format with detailed task updates and incident impact)
    • Report Structure: Organize reports with report sections, subsections (text panels, primary, secondary), and subsection elements for clear, logical presentation of data.
    • Template Scripts and Visualizations: Enhance report templates with scripts and visual data components to track scope, progress, and timeline events.
    • System Properties: Configure system-level settings to control MSI report behavior.

    Practical Benefits for ServiceNow Customers

    • Streamline communication of major security incident status to diverse stakeholder groups using tailored report formats.
    • Ensure consistent and comprehensive reporting throughout the incident lifecycle by using standardized templates.
    • Improve visibility into incident progress, challenges, and next steps with customizable visual and textual report elements.
    • Facilitate quick report generation directly from the Major Security Incident Management workspace with preconfigured or custom templates.
    • Support mobile-friendly communication via Executive Email reports.

    Getting Started

    To customize MSI status reports, begin by creating or modifying report templates within the Report Templates feature. Define the report structure by adding sections, subsections, and elements, then map these templates to specific major security incident records. Use the Major Security Incident Management workspace to generate and share reports with recipients based on the configured templates.

    Configure major security incident reports to set up and download the reports according to your business needs throughout the life cycle of the major security incident record remediation process.

    You can build the report templates with a specific format and layout, and customize these reports according to your specific requirements using the Status Reports feature of the Major Security Incident Management workspace.

    A user with the sn_msi.workspace_manager role can create and configure the report templates that outline the type of report information that can be used to generate all the status reports, which can be shared with specific users such as executive stakeholders, legal departments and map those templates to the major security incident records.

    To customize your MSI status reports, you must first set up the report templates using Report Templates. With the help of Report Templates, you can build the report template types, define the report components for those report templates, add additional information, create visualized data to track the scope and progress metrics, add related list data, and generate the status reports.

    The following describes the default fields provided in all the report template types. You can configure and format the report template based on your requirements using sections, subsections, and its elements:
    Table 1. Status Report components
    Component Type Description
    Report Title Title of the report type. For example, the default format of the report type is: {MSI Number} - {Executive Stakeholder Report} depicted as MSI0001001: Executive Stakeholder Report.
    Name Displays the name of the user who generated the report using the Status Reports section of the Major Security Incident Management workspace.
    Summary Displays a brief summary of the report.
    Date Displays the date on which the report is shared with the concerned recipient.
    Progress Displays the Scope and Progress Metrics such as the linked SIR Incidents, Response Tasks, Supplementary Tasks, External Collaboration, Timeline components, and Recent Timeline Events.
    Challenges This section displays a brief description on the challenges involved throughout the major security incident remediation process.
    Next Steps This section displays a brief description on the next steps involved in resolving the major security incident. For example, the active team subsection in the executive stakeholder report provides you with the information with the next step on the team assignment who is involved in further analysis of the major security incident record.
    Other customizations The report template also provides you with the capability to upload the logo and customize the headers and footers on the report.
    Following are the types of report categories that can be set up and viewed:
    • Executive Email
    • Technical Status Report PDF
    • Executive Status Report PDF
    The above reports are configured and available for the user to select, view, and generate the report from the Major Security Incident Management workspace.

    Mobile-friendly Executive Status Reports - Email

    The Executive Status Reports - Email are mobile-friendly status reports that are generated in email format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the following report template features to add additional information to the report. A sample executive email status report is shown below for your reference.
    Figure 1. Executive Status Report Email
    Executive Status Report Email

    Executive Status Reports - PDF

    The Executive Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the following report template features to add additional information to the report. A sample executive report is shown below for your reference.
    Figure 2. Executive Status Report PDF
    Executive Status Report PDF

    Technical Status Reports - PDF

    The Technical Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record, labeled Task updates and labeled activities, based on the assignment group and selected tag label since when the last status report is generated, and additional information such as incident impact and linked incidents.

    Customize and configure the report template to add additional information to the report. A sample technical report that shows the additional information, such as the incident impact, is illustrated below for your reference, and the remaining part of the report information is similar to the executive reports.
    Figure 3. Technical Status Report - PDF
    Technical Status Report PDF
    The report template sections contain various subsections, which describe how you can construct the report subsections and its elements such as:
    1. Branding: Add Branding to your Report Templates
    2. Template Scripts: Use Template Scripts in your Report Templates
    3. Use Visualizations in Report Templates
    4. Use Reports Lists in Report Templates