Major Security Incident Management
Summary of Major Security Incident Management
Major Security Incident Management (MSIM) enhances the handling of significant security incidents by integrating with the existing Security Incident Response capabilities in ServiceNow. It enables security analysts to escalate standard incidents to major ones, initiate or bypass review processes, reject proposals, and link related child incidents. This ensures coordinated and efficient remediation of major security threats.
Key Features
- Dedicated Workspace: Tailored for the major security incident manager role to streamline incident oversight.
- Incident Organization: Manage response tasks across multiple child security incidents linked to a major incident.
- Automated Collaboration: Automatically creates collaboration folders and chat channels when a major incident is created, with archival upon closure.
- File Management: Integrates with Microsoft SharePoint to organize and track artifacts and files related to the major incident through a file explorer component.
- Communication Management: Uses Microsoft Teams integration to manage communications across security, IT, and functional groups via chat channel manager and activity stream components.
Workspace Components
The product includes user interface pages and workspace components specifically designed to support major incident management tasks, facilitating coordination, artifact tracking, and communication through Microsoft SharePoint and Microsoft Teams integrations.
Supported Versions and Requirements
- Requires ServiceNow AI Platform® Rome version or later.
- Supports Microsoft Teams as part of the Microsoft Office 365 suite for collaboration.
- Depends on the Security Incident Response plugin (com.snc.si_dep) and related Security Operations applications, which must be installed and activated in a specified order for smooth functionality.
Practical Application for ServiceNow Customers
By implementing MSIM, ServiceNow customers can effectively manage and remediate major security incidents with enhanced visibility, coordination, and communication tools. The integration with Microsoft Teams and SharePoint simplifies collaboration and artifact management, while the dedicated workspace and automation features reduce manual effort and improve response times. Customers should ensure prerequisite plugins are installed and verify platform compatibility to fully leverage MSIM capabilities.
Track and manage various activities that are typically part of resolving a major security incident through Major Security Incident Management. Through an intuitive workspace, incident managers and those working on an incident can propose and promote incidents to major incidents, track major security incident activities, and easily collaborate with colleagues.
Overview
The major security incident management capabilities work in conjunction with the existing security incident response product capabilities. This includes the ability for a security analyst to escalate a standard security incident to a major security incident, so that the new product capabilities are available to support the remediation process.
After you install Major Security Incident Management on your ServiceNow instance, a security incident analyst can:
- Propose a security incident as a major security incident candidate, which initiates a review of whether a major security incident needs to be created.
- Directly promote a security incident to a major security incident without the need for an additional review process.
- Reject a security incident that is proposed as a major security incident (MSI).
- Link a security incident as a child incident to the major security incident (MSI) so that all security incidents can be worked.
Key features
Major Security Incident Management (MSIM) improves the major security incident remediation process with the following features:
- Dedicated workspace for managing major security incidents designed for the major security incident manager user role.
- Organize response tasks across multiple 'child' security incidents.
- Automate creation of collaboration folders and chat communication channels after a major security incident is created, as well as archival as part of incident closure.
- File explorer component to organize and track the collection of artifacts (files) related to the major security incident via a Microsoft SharePoint integration.
- Chat channel manager and activity stream components to manage communications across multiple security, IT, and functional groups via a Microsoft Teams integration.
Workspace Components
The Major Security Incident Management product contains several new workspace components and user interface pages that deliver the key features functionality:
- Dedicated workspace for managing major security incidents, specifically designed for the major security incident manager user role.
- Organize response tasks across multiple child security incidents.
- Automate creation of collaboration folders and chat communication channels after a major security incident is created, as well as archival as part of incident closure.
- File explorer component to organize and track the collection of artifacts (files) related to the major security incident via a Microsoft SharePoint integration.
- Chat channel manager and activity stream components to manage communications across multiple security, IT, and functional groups via a Microsoft Teams integration.
Supported Major Security Incident Management versions
Major Security Incident Management (MSIM) requires ServiceNow AI Platform® Rome version.
This feature supports Microsoft Teams, which is a chat-centered workspace in the Microsoft Office 365 suite. Previously, Microsoft Teams was a separate installation from the Microsoft Office 365 applications.
Supported ServiceNow AI Platform versions
This feature is supported on Rome and later releases.
- Security Incident Response: com.snc.si_dep is the dependent plugin. Installing this plugin activates the other Security Operations applications.
- Security Integration Framework
- Security Support Common
- Security Support Common Orchestration