Eyeglass Solutions Publication

Servicenow Security Operations Incident Response Playbooks




Security Edition ServiceNow Security Operations Incident Response Playbook Integration

 Support Statement

  1. NOTE: This documentation is provided "as is" without support for 3rd party software. The level of support for this integration guide is best effort, without any SLA on response time. Superna cannot directly provide support for 3rd party products. 3rd party components require support contracts.

Overview

This solution creates security incident playbook automations within the Security Operations module in ServiceNow, for customers that have this module installed and perform incident response from it for their security operations. The playbooks use the bidirectional API support in Superna's Security Edition to issue API calls through ServiceNow MID Servers that operate on premises.


Architecture Overview


Features

  1. Supports 3 playbook use cases
    1. Snapshot critical NAS data from within ServiceNow Security Operations incidents
    2. Lock out NAS users from all data from within ServiceNow Security Operations incidents
    3. Unlock NAS users from within ServiceNow Security Operations incidents

    Prerequisites

    1. Mid server deployed and operational
    2. ServiceNow Security Incident Response model
    3. Workflow Studio permissions to create playbooks
    4. Update Set import permissions

    Video Overview



    How to Configure the ServiceNow Security Incident Response playbooks in Workflow Studio

    1. Log in to ServiceNow
      1. Go to System Update Sets > Retrieved Update Sets
    2. Import the XML:
      1. Use the "Import XML" button to upload the XML file you exported.

    3. Commit the Update Set: Once the update set is imported, you can review and commit it, making the playbook available in the new instance.
    4. Done

    How to test the integration's ability to run playbooks

    1. An Open Security Incident must exist. 
    2. Follow the video examples at the top of this integration document on how to run playbooks against SIR incidents.


    Sample Security Incident Playbooks 


     © Superna Inc