ServiceNow

The Risk Quantifier (RQ) App for ServiceNow GRC natively integrates the data-driven, AI-powered cyber risk quantification capabilities of the ThreatConnect Risk Quantifier (RQ) Platform directly in ServiceNow GRC, enabling CISOs and their teams to define the impact of cyber risks in financial terms, enabling effective communications and decision-making with business stakeholders, executives, and directors.

ThreatConnect RQ is the only cyber risk quantification tool that combines high-fidelity data with AI-powered analytics to produce defensible financial impact estimates of cyber risks. ServiceNow GRC benefits from ThreatConnect RQ's approach to supporting various use cases, such as performing cyber risk assessments with quantitative results, measuring the financial risk exposure from the security control compliance state in ServiceNow GRC, and understanding the financial loss mitigation opportunities associated with control improvements.

This app can be found in the ServiceNow store here.

Key Features

ServiceNow customers will be able to seamlessly calculate their financial risk to cyber attacks and see which controls should be improved based on the greatest financial risk.

Requirements

System Requirements

GRC: Profiles
GRC: Policy and Compliance Management
GRC: Risk Management
GRC: Advanced Risk

The ServiceNow Playbook App provides users with a set of actions to work with ServiceNow table records and attachments. These actions provide the key building blocks for automating processes between ThreatConnect and ServiceNow. The following actions are available:

• List Table Records
• Get Table Records
• Create Table Records
• Update Table Records
• Add Attachment

This app can be found in the ThreatConnect App Catalog under the following name: ServiceNow

The ThreatConnect Activity Pack provides a set of activities that can be leveraged from ServiceNow Orchestration workflows to interact bidirectionally with ThreatConnect’s API and Playbooks. These activities provide a broad set of functionality that can be used for automating processes associated with security operations and incident response. Think of it as predetermined automation actions that will allow ServiceNow analysts like you to interact with ThreatConnect in a variety of ways:

• Create ThreatConnect Incident – This activity creates an Incident in ThreatConnect
• Create ThreatConnect Indicator – This activity creates an Indicator in ThreatConnect
• Get ThreatConnect Incident – This activity retrieves  an Incident from ThreatConnect
• Get ThreatConnect Indicator – This activity retrieves an Indicator from ThreatConnect
• Filter ThreatConnect Indicators – This activity retrieves multiple Indicators from ThreatConnect
• ThreatConnect API Client –  This activity provides general-purpose access to the ThreatConnect API
• Run ThreatConnect Playbook – This activity triggers a ThreatConnect Playbook with an HttpLink Trigger

This app can be found in the ServiceNow store under the name: ThreatConnect Activity Pack for Orchestration

*This app now supports Quebec version

The ThreatConnect app for ServiceNow Security Operations provides Threat Lookup and Observable Enrichment capabilities against ThreatConnect intelligence and analytics collections. These features give analysts working inside ServiceNow the information they need to get relevant and actionable insights from intelligence sources within the ThreatConnect Platform. The app contains the following actions:

• Enrich Observables
• Provides detailed context from ThreatConnect in an enrichment table
• Perform Threat Lookups
• Produces Malicious or Unknown Rating automatically

This app can be found in the ServiceNow store under the name: ThreatConnect for Security Operations

Polarity's ServiceNow Security Incident Response (SIR) Integration allows the lookup of ServiceNow security incidents (e.g. SIR00000012), and Observables including IP addresses, CVE's, web domains, file hashes and e-mail addresses against your instance of ServiceNow. Enabling analysts to quickly understand what security incidents there are, the status of those incidents, and how indicators are related to the security incidents.

The Polarity - ServiceNow integration enables analysts to quickly search indicators and tickets in ServiceNow to have immediate awareness on where an indicator or ticket is in process. Allowing analysts to quickly have a complete picture of where in process something and how that indicator might be effecting their network.

The ServiceNow integration is customizable to work for any companies workflow. If there are additional tables or fields that are required.

Examples

ServiceNow Data Overview

• Summary Tags: When an analyst runs a ticket search in ServiceNow, they can quickly see the status of the ticket. If an analyst is searching for a domain or an IP then the analyst will know the number of associated tickets.
• Ticket Details: When an analyst clicks to view the details, they can quickly look at the ticket information. They can find information about the criticality, descriptions, when it was opened etc.
• Opened Information: Anlaysts can also see who opened the ticket to get an understanding of the urgency.
• Assigned Information: Analysts can also understand who the ticket is assigned to understand if anyone is currently working on it.