List view in SIR Workspace

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of List view in SIR Workspace

    The List view in the Security Incident Response (SIR) Workspace provides ServiceNow security analysts with an efficient interface to manage Security Incidents, Response Tasks, Phishing Emails, Assessments, and Shift Handover records. Pre-applied filters and customizable list views enable quick access to relevant work items, streamlining incident management and team collaboration.

    Show full answer Show less

    Key Features

    • Security Incidents: Multiple filtered lists such as Assigned to Me, Assigned to Team, Unassigned, All Open, and All allow analysts to quickly locate and manage incidents. Analysts can configure visible columns, assign or delete incidents, create new incidents, apply quick filters for immediate priority, refresh lists, and export data in Excel, CSV, JSON, or PDF formats.
    • Response Tasks: Similar to Security Incidents, with lists for Assigned to Me, Assigned to Team, Unassigned, All Open, and All. Analysts can configure columns, assign tasks to others, create new tasks, apply quick filters, refresh, and export the task list.
    • Phishing Emails: Displays all phishing emails sorted by last update. Analysts can report phishing emails directly from the list, delete emails, and export the list in various formats.
    • Assessments: Lists pending and all assessments needed for post-incident reviews, enabling analysts to track and complete required assessments.
    • Shift Handover Records: Provides lists filtered by team assignments and all records. Supports roles including Admin (shift owner), Security Analyst (shift analyst), and Security Manager with role-based access controls for editing or viewing records. Analysts can create, edit, copy, or delete Shift Handover records tied to Shift Handover Report Templates.
    • Quick Filters: Easily accessible filters for Security Incidents and Response Tasks that help analysts prioritize work items without using advanced filters.
    • Personalization: Security analysts and managers can personalize list views for incidents, response tasks, or phishing emails based on individual preferences.

    Key Outcomes

    • Improved efficiency in managing and navigating security incidents and response tasks through predefined and customizable filters and views.
    • Enhanced team collaboration by enabling assignment and reassignment of incidents and tasks directly from the list view.
    • Streamlined handling of phishing emails with reporting, deletion, and export capabilities.
    • Effective management of Shift Handover records with role-based access and editing capabilities ensuring continuity across shifts.
    • Ability to export critical security data in multiple formats for reporting and analysis purposes.
    • Quick access to pending assessments to ensure timely post-incident reviews.

    The list view consists of the security incidents, response tasks, phishing emails, and assessments.

    The list view has pre applied filters such as Assigned to Me, Assigned to Team, Unassigned, All Open, All, and so on.

    Using these list categories and filtered lists, analysts can quickly find the required Security Incidents and Response Tasks records that they need to work on.

    To get to the list view, select the list icon (list view icon). When you select a record in a list view, the record opens in a new tab.

    List types

    The following gives you an example view of the lists.

    Landing page list view

    The list pane contains the following sections:

    Table 1. Lists
    List item Description Capability
    Security Incidents View the list of security incidents and navigate to the desired incident to start working on them. The following lists are available:
    • Visible to Me: Security incidents that are visible to the logged in user.
    • Assigned to Me: Security incidents that are assigned to the analyst.
    • Assigned to the Team: Security incidents that are assigned to all the teams that the analysts belongs to.
    • Unassigned: List of unassigned security incidents.
    • All Open: List of all open security incidents.
    • All: List of all security incidents.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more security incident(s) and assign those incidents to the other users.
    • The analyst can delete the security incidents.
    • The analyst can create a new security incident.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of security incidents that needs immediate attention. For more information, see Working with quick filters.
    • The analysts can refresh the list of incidents.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats.
    Shift Handover Records View the list of Shift Handover records. The following lists are available:
    • Assigned to the Team: Shift Handover records that are assigned to all the teams/user groups that the analysts belongs to.
    • All: List of all security incidents.
    		 Shift Handover supports the following three roles:
    • Admin: Shift owner role
    • Security Analyst: Shift analyst role
    • Security Manager: Shift owner role, but doesn't have access to user group to which the Shift Handover record is assigned to.
    • The users with the Shift Owner/Analyst role who are part of the user group in the active shift can add or modify content in the shift handover records in the draft state.
    • The users who don't have the Shift owner/analyst role or are not part of the user group in the active shift can only view the content in the Shift Handover records.
    Response Tasks View the list of response tasks and navigate to the desired response task to start working on them. The list view contains:
    • Assigned to Me: Response tasks that are assigned to the analyst.
    • Assigned to the Team: Response tasks that are assigned to the teams to the analysts belongs to.
    • Unassigned: List of unassigned response tasks.
    • All Open: List of all open response tasks.
    • All: List of all response tasks.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more response task(s) and assign those tasks to other users.
    • The analyst can create a new response task.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of response tasks that needs immediate attention.
    • The analysts can refresh the list of response tasks.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats. For more information, see Export Security Incidents or Response Tasks.
    Phishing Emails View the list of all Phishing emails. The list view will be sorted based on the last update.
    • Report Phishing Email. For more information, see Report Phish Email on how to report a phishing email.
    • Delete phishing emails.
    • Export the phishing emails list view to Excel, CSV, JSON, and PDF formats.
    Assessments View the list of assessments needed to perform post incident review.
    • My pending Assessments: List of pending assessments.
    • My All Assessments: List of all assessments.
    		 Take assessments.