Mobile Experience for Security Incident Response

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Mobile Experience for Security Incident Response

    The Security Incident Response Mobile app allows security operations center (SOC) managers and security analysts to manage security incidents directly from their Android or iOS devices. Users can log in to their ServiceNow AI Platform instance to access and manage critical security incidents and response tasks efficiently.

    Show full answer Show less

    Key Features

    • View and edit critical security incidents and response tasks.
    • Receive notifications for incidents based on predefined criteria.
    • Access groupings of incidents and tasks through custom queries or filters.
    • Update incidents with work notes and attachments.
    • Edit incident fields and assign incidents to team members.
    • View related lists, including configuration items, affected users, and response tasks.

    Key Outcomes

    By utilizing the Security Incident Response Mobile app, ServiceNow customers can enhance their incident management capabilities on the go. This mobile solution ensures timely responses to cyber threats and streamlines communication within the security team, ultimately improving the organization's security posture.

    Use your Android or iOS mobile device to manage your security operations center (SOC) tasks.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Security Incident Response

    If you are unfamiliar with the basic concepts of the Security Incident Response ( SIR) product on your ServiceNow AI Platform® instance, see Security Incident Response Overview for more information about threat intelligence and how this product can help you prioritize and resolve cyber threats to your organization.

    Overview

    As a security operations center (SOC) manager or a user with the ServiceNow AI Platform security analyst role (sn_si.analyst), you can log in to a ServiceNow AI Platform instance directly from your mobile device. With the Security Incident Response Mobile app, you can view, edit, and assign your most current and critical SIR security incidents and response tasks. Notifications inform you when critical security incidents assigned to you arrive.

    With the Security Incident Response Mobile app, you can perform the following SIR -related tasks from your mobile device:
    • View a list of critical security incidents and response tasks.
    • Receive detailed notifications for security incidents and tasks that meet pre-defined notification criteria.
    • View groupings of security incidents or tasks that are based on a pre-defined set of queries or filters.
    • View the work notes and related lists of security incidents.
    • Update security incidents and add work notes or attachments.
    • Edit the fields on security incidents.
    • Assign security incidents to yourself or to other members of your security team.

    When they are populated, you can view the following related lists on SIR security incidents with the Security Incident Response Mobile app:

    • Configuration Item
    • Affected User
    • Affected Services
    • Child Security Incidents
    • Similar Security Incidents (not support by ServiceNow AI Platform)
    • Observables
    • Response Tasks
    • Tasks
    • Task SLA
    • Attachments (not support by ServiceNow AI Platform)

    The following figure illustrates how you log into your ServiceNow AI Platform instance from your mobile device and the structure of the landing screen of the Security Incident Response Mobile app that is didplayed after you log in.

    For step-by-step instructions about how to set up your ServiceNow AI Platform instance and install the Security Incident Response Mobile app, see Set up checklist for the Security Incident Response Mobile app. For instructions about how to log in, see Log in to the Security Incident Response Mobile app.

    Figure 1. Security Incident Response Mobile app
    SIR Mobile app structure.
    Applications
    Applications are the ServiceNow® software components such as Security Incident Response (SIR), Vulnerability Response (VR), Governance, Risk, and Compliance (GRC) that provide specific features and functionalities within your ServiceNow AI Platform instance. After you install the Security Incident Response core application and the Security Incident Response Mobile app on your ServiceNow AI Platform instance, the icon for the core application is displayed on the bottom of your Android or iOS mobile device after you log in.
    Figure 2. Security Incident Response Mobile app (Security Incidents) icon
    SIR mobile app icon on mobile device highlighted.
    Folders
    Each ServiceNow® mobile application contains folders that separate the applets by category. In the preceding image of the landing page, Security Incidents and Incident Response Tasks are folders.
    Applets
    Applets are the different options within the application. The icons under the Security Incidents and Incident Response Tasks sections are the available applets of the Security Incident Response Mobile app.