Checklist for MSIM setup
Summary of Checklist for MSIM setup
This checklist guides ServiceNow customers through the end-to-end installation and configuration of the Major Security Incident Management (MSIM) application, version Yokohama, updated January 30, 2025. It ensures all necessary components, roles, and integrations are properly set up to enable efficient management of major security incidents within the ServiceNow platform.
Setup Requirements and Key Steps
- Application Installation: Confirm that the MSIM application (v1.1.1) is installed and activated from the ServiceNow Store. The installation automatically adds several dependent applications, such as File Explorer Core for Security Operations, Microsoft SharePoint File Explorer Connector, Microsoft Teams Chat Connector, Major Security Incident Response, and others critical for workspace visualizations and incident response.
- User Role Assignments: Assign appropriate MSIM roles to users involved in the incident lifecycle: MSI Administrator, MSI Manager, and MSI Responder. These roles govern permissions and responsibilities in managing major security incidents.
- Microsoft SharePoint Integration: Set up Microsoft SharePoint (v1.0.0) configurations to manage sites, folders, files, groups, and users. This includes establishing Graph and REST API connections between ServiceNow and SharePoint, creating or using existing SharePoint sites to host document libraries, managing user permissions and groups, and configuring the SharePoint Drive with file and folder action settings and templates tailored for different incident types.
- Microsoft Teams Integration: Establish and verify the Microsoft Teams Chat Connector connection with the ServiceNow AI Platform instance. Configure Teams connections and credentials, and create chat channel templates to facilitate communication during incident management.
- MSIM Administration and Configuration: As an MSI Administrator, configure key settings such as:
  - Control whether security analysts can propose/promote incidents and link other security incidents.
  - Enable or disable notifications for incident proposal or promotion events.
  - Edit default message templates for incident communications.
  - Configure security tags within the analyst interface to visually differentiate incident statuses.
- Notification Settings: Set up email notifications to alert configured users and groups when a security incident is proposed, ensuring timely awareness and response.
Practical Benefits
Following this checklist enables ServiceNow customers to deploy a fully integrated MSIM environment that connects incident response workflows with Microsoft SharePoint document management and Microsoft Teams collaboration tools. This integration streamlines major security incident handling, improves communication, and ensures proper role-based access and notifications, all within the ServiceNow platform.
Customers can expect enhanced coordination among security analysts, clear visibility of incident statuses, and efficient documentation and communication support throughout the incident lifecycle.
Before using the ServiceNow® Major Security Incident Management (MSIM) application, download the application from the ServiceNow® Store.
Track your progress with the setup, installation, and configuration from the following table.
| Setup task | Description |
|---|---|
| Verify that the Major Security Incident Management application is installed and activated from the ServiceNow® Store. | Major Security Incident Management v1.1.1 is available on the ServiceNow® Store. Follow these instructions: downloading an application from the ServiceNow Store. |
| Verify that the following applications are installed in the given order. | The following applications will be installed by default after you install the Major Security Incident Management application in the current application release version: |
| Verify that the user roles are assigned to Major Security Incident as appropriate. | The following roles are involved throughout the incident lifecycle of the Major Security Incident remediation process: |
| Verify that you have successfully set up the Microsoft SharePoint v1.0.0 configuration. | Microsoft SharePoint manages sites, folders, files, groups, and users in Microsoft SharePoint. Add Microsoft SharePoint data to your ServiceNow® instance. To do this, you must set up Graph and REST connections. For information, see the Microsoft SharePoint spoke v1.1.2 documentation on how to set up the REST and Graph connections configuration. Establish Graph and REST connections to connect to your ServiceNow® instance from Microsoft SharePoint. |
| Verify that you have created a Microsoft SharePoint site to create a document library. | Create a Microsoft SharePoint site if required, or use an existing site to create the document library. |
| Verify that you have created a document library under the Microsoft SharePoint site. | Create a dedicated document library under a new or existing Microsoft SharePoint site. |
| Verify that required permissions are provided to the users and assigned to the required user groups in Microsoft SharePoint. | Manage access from the Microsoft SharePoint site to different users and user groups. |
| Verify that you have created and configured the Microsoft SharePoint Drive and the necessary configuration settings. | To verify the drive configurations, set up Microsoft SharePoint File Explorer Connector, Folder, and File Actions and Folder Templates: |
| Verify that you have successfully established a connection to the Microsoft Teams Chat Connector application. | To establish the Microsoft Teams Chat Connector application connection with your ServiceNow® instance, follow the procedure explained here: Establish MS Teams Graph connection on ServiceNow AI Platform. |
| Verify that you have configured Microsoft Teams with your ServiceNow AI Platform® instance and created the connections and credentials configurations. | To verify the Microsoft Teams configuration with your ServiceNow® instance, follow the procedure as explained here: |
| Verify that the Major Security Incident Administration - Configuration settings are successful. | As an MSI Administrator, you must be able to: |
| Verify that the Major Security Incident Administration - Notifications settings are successful. | As an MSI Administrator, trigger email notifications that are sent, when a security incident is proposed, to all users and groups configured in the notifications list. For more information, see Set notification preferences for MSIM. |