List view in SIR Workspace

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of List view in SIR Workspace

    The List View in the SIR Workspace provides ServiceNow security analysts with organized access to key work items including Security Incidents, Response Tasks, Phishing Emails, Assessments, and Shift Handover Records. It features pre-applied filters and customizable views that enable analysts to quickly find, manage, and act on relevant records, enhancing operational efficiency in incident response workflows.

    Show full answer Show less

    Key Features

    • Security Incidents: Multiple filtered lists such as Assigned to Me, Assigned to Team, Unassigned, All Open, and All help analysts locate incidents efficiently. Analysts can configure columns, assign incidents to users, delete, create new incidents, apply quick filters, refresh the list, and export data in Excel, CSV, JSON, or PDF formats.
    • Response Tasks: Similar to incidents, response tasks have filtered lists (Assigned to Me, Assigned to Team, Unassigned, All Open, All), column configuration, assignment capabilities, task creation, quick filters, refresh, and export options.
    • Phishing Emails: Displays all phishing emails sorted by last update. Analysts can report phishing emails directly, delete emails, and export the list in various formats.
    • Assessments: Lists pending and all assessments required for post-incident reviews, allowing analysts to complete necessary evaluations.
    • Shift Handover Records: Allows viewing, creating, editing, copying, or deleting shift handover records. Records are filtered by team assignments or all records. Role-based access controls determine editing and viewing permissions.
    • Personalization and Quick Filters: Analysts and managers can personalize list views and apply predefined quick filters to focus on high-priority work items without complex filtering.
    • Bulk Actions: Capability to assign or close multiple security incidents simultaneously, facilitating efficient incident management especially for related or false positive incidents.

    Practical Benefits for ServiceNow Customers

    • Streamlines navigation and management of security incidents and response tasks through intuitive filtering and list customization.
    • Enables rapid identification and prioritization of work items requiring immediate attention via quick filters.
    • Supports collaboration by allowing analysts to assign work and share shift handover details securely.
    • Facilitates reporting and tracking of phishing emails directly from the list view.
    • Offers flexible export options to support reporting, audits, or integration with other tools.
    • Improves operational continuity and handover between shifts with controlled access and editable shift handover records.

    The list view consists of the security incidents, response tasks, phishing emails, and assessments.

    The list view has pre applied filters such as Assigned to Me, Assigned to Team, Unassigned, All Open, All, and so on.

    Using these list categories and filtered lists, analysts can quickly find the required Security Incidents and Response Tasks records that they need to work on.

    To get to the list view, you need to click the list icon (list view icon). When you click a record in a list view, the record opens in a new tab.

    List types

    The following gives you an example view of the lists.

    Landing page list view

    The list pane contains the following sections:

    Table 1. Lists
    List item Description Capability
    Security Incidents View the list of security incidents and navigate to the desired incident to start working on them. The following lists are available:
    • Visible to Me: Security incidents that are visible to the logged in user.
    • Assigned to Me: Security incidents that are assigned to the analyst.
    • Assigned to the Team: Security incidents that are assigned to all the teams that the analysts belongs to.
    • Unassigned: List of unassigned security incidents.
    • All Open: List of all open security incidents.
    • All: List of all security incidents.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more security incident(s) and assign those incidents to the other users.
    • The analyst can delete the security incidents.
    • The analyst can create a new security incident.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of security incidents that needs immediate attention. For more information, see Working with quick filters.
    • The analysts can refresh the list of incidents.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats.
    Shift Handover Records View the list of Shift Handover records. The following lists are available:
    • Assigned to the Team: Shift Handover records that are assigned to all the teams/user groups that the analysts belongs to.
    • All: List of all security incidents.
    		 Shift Handover supports the following three roles:
    • Admin: Shift owner role
    • Security Analyst: Shift analyst role
    • Security Manager: Shift owner role, but doesn't have access to user group to which the Shift Handover record is assigned to.
    • The users with the Shift Owner/Analyst role who are part of the user group in the active shift can add or modify content in the shift handover records in the draft state.
    • The users who don't have the Shift owner/analyst role or are not part of the user group in the active shift can only view the content in the Shift Handover records.
    Response Tasks View the list of response tasks and navigate to the desired response task to start working on them. The list view contains:
    • Assigned to Me: Response tasks that are assigned to the analyst.
    • Assigned to the Team: Response tasks that are assigned to the teams to the analysts belongs to.
    • Unassigned: List of unassigned response tasks.
    • All Open: List of all open response tasks.
    • All: List of all response tasks.
    • On the List view, the Analyst can configure the list of columns by clicking on the gear icon which is available above the incident columns.
    • The analyst can select one or more response task(s) and assign those tasks to other users.
    • The analyst can create a new response task.
    • The analyst can apply the quick filters. Apply the filters by clicking on the Quick Filters option instead of using the advance Filter option. Using the quick filters, you can quickly filter the list of response tasks that needs immediate attention.
    • The analysts can refresh the list of response tasks.
    • The analyst can export the list view to Excel, CSV, JSON, and PDF formats. For more information, see Export Security Incidents or Response Tasks.
    Phishing Emails View the list of all Phishing emails. The list view will be sorted based on the last update.
    • Report Phishing Email. For more information, see Report Phish Email on how to report a phishing email.
    • Delete phishing emails.
    • Export the phishing emails list view to Excel, CSV, JSON, and PDF formats.
    Assessments View the list of assessments needed to perform post incident review.
    • My pending Assessments: List of pending assessments.
    • My All Assessments: List of all assessments.
    		 Take assessments.