Key Features

• Integrations: Includes multiple out-of-the-box integrations for Security Incident Response, Threat Intelligence, and Vulnerability Response, with guidance for activation, configuration, and custom development.
• Email Processing: Supports integration with external detection systems, fine-grained processing of security records, unmatched email handling, and duplication prevention.
• Filter Groups: Enables creation of groups to filter and locate records across tables, such as grouping computers by manufacturer or filtering configuration items by vulnerabilities or IP ranges.
• Escalations: Allows creation of escalation paths for security incidents, enhancing management of issues requiring specialized attention. Escalation buttons appear on relevant incidents.
• Security Tags and Tag Groups: Provides metadata tagging for incidents, tasks, vulnerable items, and indicators of compromise (IoCs) to control access and organize security content.
• Workflows and Workflow Triggers: Offers predefined workflows and triggers based on table conditions, enabling automation and customized response processes within Security Operations.
• Enrichment Data Mapping: Transforms external data formats (XML, JSON, Properties files) into ServiceNow records for use in workflows and data enrichment.
• Field Value Transforms and Field Mapping: Standardizes and maps unique customer field values for consistent parsing, enrichment, and integration with other tables like customer service cases or problems.
• On-Demand Orchestration: Enables security analysts to execute specific tasks (e.g., process dumps) during incident analysis directly from workflows.
• CMDB CI Identifier Rules: Defines rules to identify configuration items by matching data from third-party integrations, prioritizing evaluation order for accurate CI lookups.
• Operating System Groups: Associates operating systems with process types and scripts to support retrieval of running processes in incident response workflows, with flexibility to add new OS groups.
• Domain-Separated Property Overrides: Allows customization of Security Operations properties per domain when domain separation is enabled, to tailor application behavior in multi-domain environments.
• Security Annotations: Facilitates adding explanatory notes to configuration items, observables, or incidents to enhance context and documentation in investigations.
• Search Capability: Utilizes the Zing text indexing engine to enable fast, comprehensive text searches across all Security Operations applications.
• Security Operations Orchestration: Supports interaction with Windows and UNIX systems through activity packs and workflows, expanding automation and data retrieval capabilities.

Practical Benefits for ServiceNow Customers

• Streamlines security response across multiple applications by centralizing shared functions and integrations.
• Enhances data consistency and operational efficiency through automated workflows, enriched data mapping, and standardized field transformations.
• Improves incident management with escalation paths, tagging for access control, and annotations for contextual insights.
• Supports robust integration with external security tools and detection systems, maintaining data integrity and reducing duplication.
• Enables customization to fit organizational needs, including domain-specific property overrides and flexible filter groups.
• Facilitates complex operational tasks and system interactions directly from incident workflows, increasing analyst productivity.