Infoblox & ServiceNow Security Incident Integration Templates, Deployment Guide & Demo Video
Moderator

How Security Incident Response (SIR) differs from Incident Management:

  1. SIR simplifies identification of critical incidents and provides workflow and automation tools to speed up remediation.
  2. With SIR, teams can create customized workflows based on your organization’s own security runbook to ensure company best practices are followed.
  3. With SIR, it’s easier to view and track response tasks that run in parallel. The system will remind assignees if their tasks aren’t completed on time per Service Level Agreement (SLA) thresholds, or it can escalate tasks if necessary.
  4. SIR will speed up response and allow your security team to spend more time hunting complex threats by automating basic tasks, including approval requests, malware scans, or the retrieval of running processes.
  5. SIR has a security knowledge base (KB) which adds additional information, and relevant KB articles are automatically associated with incidents for reference.
  6. With SIR, all activities in an incident lifecycle, from analysis and investigation to containment and remediation, are tracked in the platform. Once an incident is closed, assessments are distributed across the team and a time-stamped post-incident review is automatically created as a historical audit record.

In the attached documents you will find the templates for the ServiceNow integration in txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production.

 

The templates require extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.

 

| Extensible Attributes | Description |
| --- | --- |
| ServiceNow_LastIncidentSentAt | Provides the last time an asset sent an incident to ServiceNow. |
| ServiceNow_Add_Incident | True or False. Defines if an object should create an incident on ServiceNow. |
| ServiceNow_Event_ID | Provides the Incident number of the last Incident sent to ServiceNow. |
| ServiceNow_Location | Custom field. Determines the location field for the ServiceNow table upon creation. |