Using AI agentic workflows in Now Assist for Security Incident Response
Summary of Using AI Agentic Workflows in Now Assist for Security Incident Response
Utilize AI agentic workflows in Now Assist for autonomous task completion in security incident response. Role masking allows users to restrict roles and privileges during workflow execution, ensuring security and compliance. Pre-defined roles are assigned to agentic workflows and AI agents, and it is essential to configure security controls and data access settings accordingly.
Key Features
- Close Security Incident: Assists security analysts in closing incidents using natural language.
- Analyze Security Operations Metrics: Enables SOC managers to evaluate performance metrics related to security incidents, such as case volume and resolution times.
- Security Incident Resolution: Guides analysts in identifying resolution paths and closing incidents.
- Generate SIR Shift Handover Report: Automatically populates shift handover reports with relevant security incident details.
Key Outcomes
With these workflows, users can enhance their efficiency in managing security incidents, improve performance analysis, and ensure seamless transitions during incident handovers. Default settings require duplicating workflows for modification, allowing for customization and activation of triggers for automated processes.
Use the Security Incident Response AI agentic workflows to complete your tasks autonomously.
Role masking enables users to limit the roles and privileges of agentic workflows during tool execution. Agentic workflows and their AI agents that get installed with Now Assist applications are assigned pre-defined roles. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an agentic workflow.
| Agentic workflow name | Description | Available AI agents |
|---|---|---|
| Close security incident | This agentic workflow helps the security analysts to close a security incident using natural language in the Now Assist panel. | Security incident wrap-up generator |
| Analyze security operations metrics | This agentic workflow helps a security operations center (SOC) manager analyze their security analysts' performance. Metrics are generated for security incident response (SIR) records for case volume, mean time to assign (MTTA), and mean time to resolve (MTTR). | |
| Security incident resolution | This agentic workflow helps the security analysts to identify a security incident resolution path. This workflow also assists the security analysts to close a security incident using natural language in the Now Assist panel. | |
| Generate SIR Shift Handover Report | This agentic workflow adds details of a security incident to the shift handover report. The agent populates the different sections of the shift handover with appropriate content by identifying the relevant details from the security incident. | Security incident shift handover AI Agent |
- Activate the workflow.
- If required, you can add a trigger to invoke the workflow automatically.
- There might be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available on your instance, see Find AI agents.
- To find agents that might not be installed on your instance, visit the AI Agent Marketplace on the ServiceNow Store.