TechByte - Paris Feature - Firewall audits and reporting
Hello, my name is Jason Smith and I'm the outbound PM for ITOM Visibility. Let's go through a little bit about firewall audits and reporting today.

We've actually got a lot going on in the Paris release: the introduction of multisource CMDB and the service graph connectors, where we are going to be connecting to multiple third parties to extract, transform and load data into the CMDB. Type based, and it's been there since Orlando, but it's still a very important feature with regards to getting services mapped fast and realizing time to value. And then certificate inventory management, where we are helping customers prevent outages due to expired certificates and overall improve the processes associated with certificate management. And then firewall audits and reporting. This is a new app; that's what we're going to spend a little bit of time on today.

So traditionally with Discovery and Service Mapping, what we've been doing is getting data from somewhere else, like the data center or public cloud, bringing it back to the CMDB and making it available for other ServiceNow applications on the platform. In this case we have certificate inventory management and firewall audits and reporting, which are themselves workflow applications. So you can see there's been a little bit of a strategic shift with regards to the overall capabilities of ITOM Visibility.

Auditing and reporting has three major components. First of all, we are discovering the firewalls and, for instance, doing the inventory of the Palo Alto Panorama firewall manager, where we bring back the devices, the device groups and the security policies that that firewall manager is managing. We have an audit request flow, so that we can give attestations for the policies themselves, and also a request fulfillment process for when you need a new firewall policy. For instance, an application owner may go to the request portal and ask for a port to be opened so that the application can function as designed.

Okay, let's start in the request portal. I would like to make a request to change a firewall rule. Search for it, find my catalog item, and there is a form that I can fill out to initiate the request. Once I've made that request I can go into fulfiller mode and have a look at the number of open request tasks. So here is the list for the request task. This was a request initiated from the service portal, requested for Abel Tuter; the assignment group was the Firewall Rockstars, and I can see that this request has already been approved and the change request has started.

Once you get to the implement stage in this process, that's when you're going to need to go into the firewall manager itself and make the firewall rule. They have a tagging mechanism, so you should include this number in the tag itself. That way, if you're in the firewall manager you can see which change was associated with this particular policy, and we also use that information on our side so that we can associate these rules with change and task request, so we can always have really good tracking from that perspective.

Part of this is the ability to audit the validity of the policies themselves. Here I can see that I have 18 outstanding responses. That means we've initiated an audit and there are certain tasks that haven't been accomplished yet. Take a look at the firewall insights: the overall number of security policies and the unassigned policies. We really need to have these policies assigned to people so that they can be attested to. So I could use this report, go in here, maybe filter or show matching, and it's possible for me to go ahead and bulk update that, so I can get these policies assigned to some people from this perspective. I could update those four rows if I want.

Alternatively, if I was in security policies, I may need to import some data from another place to go ahead and bulk update this "assigned to" column. So I could do like this for update and create an Excel template. Some of our customers are working in pretty complicated environments with outsourcers, and not everybody's going to have access to ServiceNow, and it could be necessary to import some of this data from other sources. So I'll show you how that looks. That creates a template, and this is the template that needs to be filled out. You can see it's got this ID here, so we could just do like this, and you could save that and then go back in here and update. I've got update selected, it's got the sys_id, so this is safe to do it this way. Preview the imported data, scroll down, complete the import. Then if I look at my security policies, I can see that the "assigned to" has in fact been updated.

Okay, so let's initiate an audit request. Go to the firewall managers, click here, and then I can initiate the audit request. A pretty simple form needs to be filled out; when you're done with that, press submit. I've already done that, so let's take a look at the audit requests that are open. This is the overarching audit request. If I scroll down here I can see that it has already been approved by the firewall administrator, and there are a number of tasks that we need to respond to. And then there are the excluded policies, which tells us that we had policies that weren't assigned to people, and so there's no one right now that can attest to them. But at least I've got good visibility about those policies also, so they rectify that and they get those policies assigned to a person.

Look at this, this is quite good, because we've got many different policies on one single form, and the process really is around answering these questions here and taking these actions: retain without changes, retain with changes, and delete. You may get asked about exceptions to rules, and we don't have a facility for that right now, but it's something that can be done in the field. Please open up an enhancement request so we can track that from the idea portal if it's coming up in your customer conversations. So anyway, work on that, and then when you're done you eventually put it in the closed complete state and the dashboards are updated appropriately.

We are squarely in the workflow business with ITOM Visibility. It's not just certificate inventory and management, it's also firewall audits and reporting. Using Discovery, we go out to the firewall managers, discover the related devices, device groups and the associated security policies, and bring that information back to the CMDB. We use that information so that we can provide auditing capabilities. This helps customers lower their risk profile and saves them a ton of time. Request fulfillment is an important part of the equation. We can put SLAs on request fulfillment tasks if we need to. Change is ultimately done because of the request, and we end up with a comprehensive tracking solution, and a solution that really helps customers save a lot of time.
https://www.youtube.com/watch?v=fguM8U8mWgU