Key Features

• Integration Management: Includes prebuilt integrations for Security Incident Response, Threat Intelligence, and Vulnerability Response. Provides instructions for activating plugins, configuring integrations with ServiceNow and third-party systems, and guidance for developing custom integrations.
• Email Processing: Supports ingestion of information from external detection systems, with features to handle unmatched emails, prevent duplication, and enable fine-grained processing of security records.
• Filter Groups: Enables creation and use of filter groups to locate and organize records across any instance table, such as grouping computers by manufacturer or filtering configuration items by vulnerability or subnet.
• Escalations: Allows creation of escalation paths for security incidents that require specialized attention. Escalation groups enable quick escalation via buttons on related incidents.
• Security Tags and Tag Groups: Facilitates tagging of incidents, tasks, observables, and other security records to assign metadata and control access to security content by security groups.
• Workflows and Workflow Triggers: Provides numerous built-in workflows plus the ability to create custom workflows from templates. Workflow triggers automate workflow execution based on specific table conditions.
• Enrichment Data Mapping: Transforms data from XML, JSON, or Properties files into ServiceNow records. Used extensively in workflows to enrich security incidents with external data.
• Field Value Transforms and Field Mapping: Translates customer-specific field values into standardized formats recognized by Security Operations, supporting choice fields and references. Enables mapping between Security Operations tables and other system tables, linking incidents to cases or problems.
• On-Demand Orchestration: Empowers security analysts to trigger workflow-driven tasks on demand during incident analysis, such as running process dumps on configuration items.
• CMDB CI Identifier Rules: Defines rules to identify configuration items in the CMDB by matching data from third-party integrations with prioritized evaluation order.
• Domain Separation Support: Allows creation of domain-specific overrides for Security Operations properties, enabling customized application behavior per domain.
• Operating System Groups: Maps operating systems to process types and scripts used in Security Incident Response workflows, with support for adding new OS groups as needed.
• Security Annotations: Enables adding notes or comments on configuration items, observables, or incidents for additional context.
• Search Capabilities: Uses the Zing text indexing engine to provide fast, comprehensive search across Security Operations applications.
• Security Operations Orchestration: Integrates with Windows and UNIX environments using activity packs and workflows to interact with external systems.

Practical Benefits for ServiceNow Customers

Activating Security Support Common ensures consistent, shared capabilities across all Security Operations applications, streamlining setup, integration, and day-to-day security workflows. Customers benefit from improved data enrichment, standardized data handling, role-based access control, and automation opportunities that enhance incident response efficiency and accuracy. The plugin supports scalable and customizable security operations, enabling tailored escalation paths, domain-specific configurations, and integration with external detection and orchestration systems. Overall, it simplifies managing complex security workflows within the ServiceNow platform.