444 views

Helsinki enhancements | Security Operations


New applications and changes


This article covers new features and notable changes in Security Operations in Helsinki.

Note: This is a summary of Helsinki features and enhancements. For full details and the most up-to-date information, see Helsinki Release Notes in the ServiceNow Product Documentation.





Security Operations enhancements


New and enhanced features for Security Operations include:

EnhancementDescription and Requirement
Security Incident Response - Dashboards for CISO and Security Manager Enables chief security officers and security managers to view dashboards that target specific security metrics based on criticality, service impact, or SLAs related to their roles.
Security Incident Response - Affected users added to security incidents

Allows you to manually add affected users to security incidents.

Security Incident Response - Business Criticality calculator Provides a business criticality calculator that uses an aggregate of other severity calculators to calculate the potential impact on your business that is posed by a security incident or vulnerability.
Security Incident Response - Generic transform map

Enables new fields exposed in the Security Incident table to be auto-populated without needing to modify the import definition.

Security Incident Response - Splunk integration Provides integration with Splunk via a Splunkbase application letting security analysts and responders create events or incidents in Security Incident Response. This function enables teams to collaborate on the downstream response to an incident while tracking all the runbook responses and hand-offs in ServiceNow Security Operations.
Vulnerability Response - Vulnerability-centric view and remediation Enables you to review and address vulnerabilities as an aggregated grouping of CIs. This grouping facilitates enhanced bulk response actions on entire groups of CIs to accelerate the remediation of vulnerabilities.
Vulnerability Response - Time-boxed acceptance of vulnerabilities with approval workflow Allows each vulnerability to be ignored for a specific amount of time, so you can defer addressing it or accept the risk.
Vulnerability Response - SLA support for vulnerable items and vulnerabilities Provides examples of SLAs associated with both vulnerable items and vulnerabilities. The examples include deadlines based on the severity of the vulnerabilities.
Vulnerability Response - Integration with external vulnerability scanners Adds a framework for integrating with external vulnerability scanners, including a reference implementation for the Qualys vulnerability scanner. Scans from these scanners can be requested from within Vulnerability Response.
Vulnerability Response - Business Criticality calculator Provides a business criticality calculator that uses an aggregate of other severity calculators to calculate the potential impact on your business posed by a security incident or vulnerability.
Threat Intelligence ServiceNow Threat Intelligence is a new application in the Helsinki platform release. Threat Intelligence integrates with ServiceNow Security Operations to include an Indicator of Compromise (IoC) threat table that is linked to security incidents and configuration items or assets. For more information, see Threat Intelligence.

 

Additional resources


For more Helsinki enhancement and requirements, see:

 

 

 

 

 

Article Information

Last Updated:2016-05-30 12:52:07
Published:2016-04-28