Checklist for MSIM setup

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Checklist for MSIM setup

    The Major Security Incident Management (MSIM) application in ServiceNow enables organizations to effectively manage major security incidents. Before utilizing this application, it must be downloaded from the ServiceNow Store. This checklist guides users through the setup, installation, and configuration processes necessary for deploying MSIM.

    Show full answer Show less

    Key Features

    • Installation Verification: Ensure MSIM and related applications are installed, including Microsoft SharePoint and Teams Connectors.
    • User Roles Assignment: Assign appropriate roles such as MSI Administrator, MSI Manager, and MSI Responder for incident lifecycle management.
    • Microsoft SharePoint Setup: Configure Graph and REST connections, create a SharePoint site, and establish document libraries with necessary permissions.
    • Microsoft Teams Configuration: Establish connections and set up chat channel templates for effective communication during incidents.
    • Administration Settings: Configure incident notifications, edit message templates, and manage security tags to differentiate incident statuses.

    Key Outcomes

    By following this checklist, ServiceNow customers will ensure MSIM is properly set up, allowing for efficient management of major security incidents. Successful configuration leads to enhanced communication, streamlined incident responses, and improved collaboration among security teams. Customers can expect a well-organized framework for handling major security incidents effectively.

    Before using the ServiceNow® Major Security Incident Management (MSIM) application, download the application from the ServiceNow® Store.

    Track your progress with the setup, installation, and configuration from the following table.

    Note:
    The roles assigned for Major Security Incident Management application are listed in the further following sections, for more information, see Major Security Incident Management roles.
    Use the following checklist to guide you through the end-to-end steps to install and configure Major Security Incident Management application.
    Table 1. Checklist
    Setup task Description

    Verify that the Major Security Incident Management application is installed and activated from the ServiceNow® Store.

    Major Security Incident Management v1.1.1 is available on ServiceNow® Store.

    Follow these instructions: downloading an application from the ServiceNow Store.

    Verify that the following applications are installed in the given order.

    		 The following applications will be installed by default after you install Major Security Incident Management application in the current application release version:
    • File Explorer Core for Security Operations v1.1.1
    • Microsoft SharePoint File Explorer Connector for Security Operations v1.1.1
    • File Explorer Component for Security Operations v1.0.0
    • Microsoft Teams Chat Connector for Security Operations v1.0.0
    • Chat core for Security Operations v1.0.0
    • Major Security Incident Response v1.1.1
    • Collab Chat EVAM card for MSIM workspace v1.0.0 (This application is set up only for the UI visualizations in the application background for Major Security Incident Management workspace)
    • Task Organizer UI Component for Major Security Incident Management workspace 1.0.0
    • Security Incident Response v12.8.1

    Verify that the user roles are assigned to Major Security Incident as appropriate.

    		 Following are the roles involved throughout the incident lifecycle of Major Security Incident remediation process:
    • MSI Administrator [sn_msi.workspace_admin]
    • MSI Manager [sn_msi.workspace_manager]
    • MSI Responder [sn_msi.workspace_responder
    For more detailed information on each role, see Major Security Incident Management roles.

    Verify that you have successfully setup Microsoft SharePoint v1.0.0 configuration.

    Microsoft SharePoint manges sites, folders, files, groups, and users in Microsoft SharePoint.

    Add Microsoft SharePoint data to your ServiceNow® instance. To do this, you must have to setup Graph and Rest connections.

    For information, seeMicrosoft SharePoint spoke v1.1.2 documentation on how to setup REST and Graph connections Configuration.

    Establish Graph and REST connection to connect to your ServiceNow® instance from Microsoft SharePoint.

    Verify that you have created a Microsoft SharePoint site to create a document library.

    Create a Microsoft SharePoint site, if required or you can use an existing site to create our document library.

    Verify that you have created a document library under the Microsoft SharePoint site.

    Create a dedicated document library under a new or existing Microsoft SharePoint site.

    Verify that required permissions are provided to the users and assigned to the required user groups in the Microsoft SharePoint.

    Manage access from Microsoft SharePoint site to different users and user groups.

    Verify that you have created and configured Microsoft SharePoint Drive and necessary configuration settings.
    To verify the drive configurations, setup Microsoft SharePoint File Explorer Connector, Folder and File Actions and Folder Templates:
    Verify that you have successfully established a connection to Microsoft Teams Chat Connector application.

    To establish Microsoft Teams Chat Connector application connection with ServiceNow® instance, follow the procedure explained here: Establish MS Teams Graph connection on ServiceNow AI Platform.

    Verify that you have configured Microsoft teams with ServiceNow AI Platform® instance and created connections and credentials configurations.
    To verify Microsoft Teams configuration with ServiceNow® instance, follow the procedure as explained here:
    Verify that the Major Security Incident Administration - Configuration settings are successful.
    As an MSI Administrator, you must be able to:
    • determine whether security analysts can propose and promote the incident and link other security incidents.
    • enable or disable the notifications when an incident is proposed or promoted. Ability to edit default template messages.
    • configure security tags that appear on the security analyst interface to differentiate the incidents that have been proposed as a major security incident candidate or promoted to a major security incident.
    Verify that the Major Security Incident Administration - Notifications settings are successful. As an MSI Administrator, trigger email notifications when a security incident is proposed and are sent to all those users and groups who are configured to the notifications list. For more information, see Set notification preferences for MSIM.