#1 What is ServiceNow Security Operations | Overview of Security Operations in ServiceNow
Please subscribe to my channel and click on the bell icon to get regular updates, and do not forget to like, comment and share.

Hello everyone, welcome to SaaS with ServiceNow. ServiceNow provides products and services in different areas like IT, finance and HR. Even within IT, ServiceNow has applications related to ITSM, ITOM, ITBM and security. In security, ServiceNow provides the Security Operations suite, which is focused on applications related to the security world. In this series you will learn about Security Operations in the ServiceNow platform and its different applications. This training is not related to the implementation of SecOps applications in ServiceNow; we will just learn in detail about the features of all the different applications we have in Security Operations and how exactly they work in the ServiceNow platform.

Since the computer world started, there have been challenges for organizations to maintain cyber security. Organizations spend a lot of money to make sure that their systems are 100 percent secured and no one has unauthorized access to their data. Organizations also struggle to identify vulnerabilities present in their systems, which overall expose their systems to threats. Organizations also use different security tools which can secure their network and systems, scan for vulnerabilities, secure authentication, secure data transfer, scan for viruses, and different systems. These different systems mostly work independently, as they are provided by different companies. And what if I say there is a platform which can integrate with all of these different tools and enable your security team to manage and track all security threats and activities together in one single system of record? That platform is ServiceNow. ServiceNow provides an IT product called Security Operations, which is focused on providing applications that can help organizations manage their security issues and activities and provide expedited solutions effectively.

What is Security Operations?

Security operations in any organization deals with security issues encountered in the network. If I talk about ServiceNow Security Operations, then it brings incident and vulnerability data from different security tools into a structured format in ServiceNow. ServiceNow uses automation and workflows to prioritize and resolve threats based on the impact assessment performed by security agents. You can utilize the power of Security Operations in ServiceNow, which also depends on the license you have opted for. However, the basic flow of Security Operations in ServiceNow has some steps which make it more effective to manage security issues end to end:

- The first step is to use the ServiceNow Discovery application to find applications and devices on your network and then update the ServiceNow configuration management database, that is, the CMDB.
- The next step is to integrate your security information and event management tool with ServiceNow to import threat data, which can create security incidents automatically.
- Then you can use the power of workflows and SecOps applications like SIR and VR to prioritize events, security incidents and vulnerabilities.
- You can enrich data using the Threat Intelligence application and utilize some machine learning features.
- You can use GRC or the Configuration Compliance application to continuously monitor and identify enterprise and IT risks which may impact business operations.
- You can also automate remediation of different issues and vulnerabilities.
- Another major capability is that you can see detailed information about the progress and status of your security operations via different reports and dashboards.

If you have IT and security running separately, then ServiceNow will be able to help you enhance the communication between these two, as both teams can use a single platform to manage the operation. One of the important features of Security Operations is that you can secure security data from IT teams while working on the same platform. So you also have incident data, change data and some different data as well, but if I talk specifically about Security Operations data in ServiceNow, or whatever records it creates, you can definitely keep it secured from other IT teams who are not part of the security world.

Security Operations applications

The ServiceNow Security Operations product comes with five major applications: Security Incident Response, Vulnerability Response, Configuration Compliance, Threat Intelligence and Trusted Security Circles.

Security Incident Response: The Security Incident Response application is used to track and manage the life cycle of security incidents. It can be integrated with third-party systems like threat detection systems and security event management systems. Data can be enriched from different security systems, and automation can be done with workflows or flows. Examples of a security incident are access to an internal website by an unidentified IP address, or a phishing email received by multiple users.

Vulnerability Response: The Vulnerability Response application is used to track and manage vulnerabilities found in the different systems of an organization. Vulnerability Response is integrated with the NVD and can be integrated with third-party vulnerability scanners like Qualys. It is also integrated with other ServiceNow modules like Knowledge and Change. A vulnerability is a weakness in any system due to some software; for example, an old version of the Chrome browser which is exposed to a security threat and should be updated to the new version.

Configuration Compliance: Configuration Compliance is used to track and manage compliance issues related to different systems. It supports ingestion of scan results from integrations with configuration scanning applications such as the Qualys Cloud Platform. You can prioritize and remediate non-compliant configurations. Non-compliance in a system means a configuration in a system which is not configured as per the policies defined in the organization.

Threat Intelligence: The Threat Intelligence application allows you to find indicators of compromise (IoC) and enrich security incidents with threat intelligence data. It can support integration with external feeds. Threat Intelligence also provides the Security Case Management application, which is used for analyzing threats to your organization.

Trusted Security Circles: The Trusted Security Circles application allows you and other users to generate and receive community-sourced observables, which can be in the form of IP addresses, hashes, domains, URLs, etc. This application enables organizations to improve threat prioritization and decrease the time to identify and remediate threats.

Security Operations terminologies

In this tutorial you might encounter a lot of terms related to security. We will talk about all those major terminologies related to Security Operations before we proceed with the detailed sessions, which you will see in further videos.

- Security incident: A security incident is an incident which is created to address an event which can be related to a security threat or vulnerability in IT systems.
- Vulnerability: A vulnerability is a state of a system which is exposed to the possibility of being attacked. If you have an old version of any software like Adobe or Google Chrome which has the possibility to be attacked, that means the system has a vulnerability.
- Threat: A threat is a risk which can potentially harm computer systems and organizations.
- Inbound security requests: Requests which can be submitted for normal security requests like a security badge request or a USB port opening request, which have low impact on security.
- Post-incident activities: Once a security incident is resolved, you need to review the activities performed during the resolution with timelines.
- Incident response tasks: You can assign different tasks to teams associated with a security incident for tracking actions in response to the threat.
- Security incident calculators: It is a configuration to calculate the severity and impact of a security incident as per predefined values.
- Threat lookup: A request submitted from the security incident catalog for scanning files, URLs and IP addresses for malware.
- Vulnerability scan: A request for scanning different systems of the organization, like servers, computers and other configuration items, for vulnerabilities.
- MITRE (M-I-T-R-E): It is a US non-profit organization which provides a knowledge base of adversary tactics and techniques used in the development of specific threat models and methodologies in cyber security products.
- CVE (Common Vulnerabilities and Exposures): It is a dictionary of publicly known information security vulnerabilities and exposures. It gives you information about which software has known vulnerabilities.
- CVSS (Common Vulnerability Scoring System): It is an open framework for communicating the characteristics and severity of software vulnerabilities, that is, how you can calculate the severity of the different types of vulnerabilities you will have in the system. That's a baseline for calculation.
- CWE (Common Weakness Enumeration): It is a list of community-developed software weakness types, that is, if we have different types of software, what kind of weaknesses they have, which you can find with CWE.
- Discovery models: Software models used to help normalize the software you own by analyzing and classifying models to reduce duplication.
- NVD (National Vulnerability Database): A US government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol. It's just a repository which tells you information about the different kinds of vulnerabilities, basically possible threats, that different systems have.
- NIST (National Institute of Standards and Technology): NIST promotes innovation and industrial competitiveness by advancing measurement science, standards and technology. It basically tells you about the standards, that is, whatever system you have in technology, in IT, what that standard should be. This gives you a kind of parameter for following those standards. It's the kind of organization which supports and provides different standards and best practices, you can say, in different technologies.
- Vulnerable items: When a CI has a vulnerability, then the relation between the CI and the vulnerability is a vulnerable item.
- Vulnerability groups: Multiple vulnerable items grouped together on the basis of some criteria are called vulnerability groups, which are assigned to different teams and remediated as well.
- Vulnerability calculators: Configurations to calculate the severity, risk and impact of a vulnerability as per predefined values.
- Qualys: Qualys is a third-party tool which provides cloud security and compliance related services. If I talk about the Vulnerability Response and Configuration Compliance applications, you get the feed from it: basically, Qualys monitors your environment, discovers different types of vulnerabilities and configuration issues, and those are fed into ServiceNow and managed via the Vulnerability Response application and the Configuration Compliance application.
- STIX (Structured Threat Information Expression): A language and serialization format used to exchange cyber threat intelligence (CTI). STIX is open source and free, allowing those interested to contribute and ask questions freely. It is kind of an open platform, you can say.
- TAXII (Trusted Automated Exchange of Intelligence Information): It is an application protocol for exchanging CTI over HTTPS, and CTI is cyber threat intelligence.
- Observable: An observable is a suspicious change to your computer or network. So any change that happened, but which is suspicious, becomes an observable.
- Sighting: The detection of an observable is called a sighting.

In the next video you will learn about Security Incident Response. Please provide your comments for any question or feedback, and if you think I am able to enhance your learning experience in ServiceNow, then do not forget to like and share the video and subscribe to my channel. Thanks for watching.
https://www.youtube.com/watch?v=sbewPSCAVb0