NJP

#1 ServiceNow Vulnerability Response Implementation Training | Overview of Security Operations & VR

Import · Feb 15, 2020 · video

[Music] In order to subscribe to my channel please click here, or click here. Please share, comment and like my videos and channel. Hey guys, welcome to SAS with ServiceNow. This is our new series of training for ServiceNow Vulnerability Response.

What is this course about? In this course you will learn about the Vulnerability Response application of ServiceNow. You will learn the different functionalities of the VR application, you will learn how you can implement the VR application in ServiceNow (when I say VR, VR is Vulnerability Response), and then the best practices of VR implementation.

Who should do this course? ServiceNow administrators, ServiceNow developers, and ServiceNow professionals who want to implement the ServiceNow Vulnerability Response application for their customers or clients.

Prerequisites. There is a prerequisite before you watch this training: you should have knowledge of the basics of the ServiceNow platform, and a minimum of six months of experience in ServiceNow administration and development. If I talk about ServiceNow, they also recommend that you should learn the fundamentals of Security Operations, because Vulnerability Response is an application of the Security Operations suite.

Course outline. In this course we will learn about: an overview of Security Operations and Vulnerability Response; preparation for VR application implementation; VR data import and scanners; Qualys integration; vulnerable items and groups; assignment and grouping; discovered items; vulnerability calculators; and then remediation targets. At the last we will learn about the latest features we have in different versions of ServiceNow, like New York and Orlando. In this particular training all the practical examples will be shown in the Orlando version, which was released recently by ServiceNow.

Enterprise security. Before we start this training you should understand a little bit about security, because ServiceNow developers may not be from a security background, so it's better to learn a little bit about what kind of security we are talking about. So let us take an example: you have an organization, as we have different organizations. In any organization you will definitely have IT systems, and in those IT systems you might have different computers, different servers, networks, routers. If you have the complete IT system, then there is definitely a possibility of risks and threats as well. That means you can have threats, attacks, viruses, security breaches; that means third-party, external people might want to attack your internal system, they might want to hack your internal website. It might happen that there is a lot of software installed on the computers of the employees; in that case those vulnerabilities have to be resolved as soon as possible, before someone attacks. These are the things which are really required from the security perspective, and that's called enterprise IT security.

Basically, if we talk about IT security, the threats and the possibilities with the systems we have: we have servers, we have computers, we have networks and all the other IT systems where we might have different vulnerabilities, we can have different attacks, somebody can enter into our internal organization's IT system. Those are the different kinds of attacks which we can have as part of our enterprise security, and definitely nobody in any organization wants to have those attacks and breaches, because we don't want any kind of vulnerabilities; our data has to be secured, it has to be protected from external attackers. So in that case we have different security tools. As you see on the screen, in this whole IT world we have different security tools. Every organization might use different security tools; however, it might happen that not all security tools are integrated with each other and they are running in silos. In that case ServiceNow came up with a single solution where all the security tools... when I say all, it does not mean that every tool which you see on the screen can be integrated; integration can be done, absolutely, but there are a lot of out-of-the-box integrations and there are some customized integrations which we have to do. But anyhow you can pull the data and then you can manage it in ServiceNow, and that's what we will learn today.

Security operations. As we are talking about security tools and we are talking about security, we also have Security Operations, and you must have heard this name from the security department, maybe from your IT security team. Security operations is basically a process of monitoring, identifying, maintenance and management of IT systems. So whatever IT systems you have, we have to monitor them, we have to identify if they have any kind of threats, vulnerabilities, viruses; that comes under security operations. So it's kind of a process: they have to find different attacks, different vulnerabilities, and then they have to resolve them. And it's not just about that; you have to take some preventive measures. So basically they have to be proactive, so they should not give any kind of opportunity for third-party or external people to attack your systems, and that's what this whole process is about.

Security Operations suite from ServiceNow. As I was talking about different tools, these are some standard tools being used in security: Splunk, Qualys, Rapid7, [unclear] Point. All these tools have different data in their systems. We can import that data and put it into ServiceNow, and then we can try to remediate, or take whatever action we have to take as per the process we have in IT security; you can perform those actions in the ServiceNow Security Operations suite. As you can see on the screen, this is the ServiceNow ecosystem, where they have different products which they have implemented in ServiceNow. One of the products they have is Security Operations, which is part of security. The Security Operations suite has different applications as well; you can see we have Security Incident Response, Vulnerability Response, Threat Intelligence, Trusted Security Circles. That's part of the ecosystem, but that comes under the Security Operations suite of ServiceNow. So Security Operations brings incident data from your security tools into a structured response engine that uses intelligent workflows, automation and deep connection with IT to prioritize and resolve threats based on the impact they pose to your organization. Let me just tell you quickly: as you know, if your organization is using ServiceNow, they must have the whole ITSM system in ServiceNow and they must have a CMDB. All these things are in ServiceNow; however, the security system is in the outer world. So what exactly you are doing with the help of the Security Operations suite is bringing them all in and putting them in ServiceNow, and you can also integrate them; you can relate them with the CMDB, with incident, change, problem, because you can have those integrations as well.

Features of the Security Operations suite, that means features of the Security Operations applications. The first feature is: identify, prioritize and remediate vulnerabilities with the Vulnerability Response application, and that is what this training is about. Identify, prioritize and remediate critical security incidents with the Security Incident Response application; that's another application. However, this training is only about the Vulnerability Response application, because, as I mentioned, under Security Operations you have different applications. Identify, prioritize and remediate misconfigured assets with the Configuration Compliance application. These are the features. Then we have: access your company's Structured Threat Information Expression data with the Threat Intelligence application. And then we have: access the Security Incident Response and Vulnerability Response applications from your mobile device; that means you can check all the different security incidents and vulnerabilities, track them and work upon them. That's the feature of the Security Operations suite of ServiceNow.

Security Operations applications. As I showed you, there are different Security Operations applications, and those are: Security Incident Response, which is one of the applications in ServiceNow; then we have the Vulnerability Response application, Configuration Compliance, Threat Intelligence, and last we have Trusted Security Circles. As it's a suite, these are the different applications which can be utilized to manage the security of your organization. The first application we have is Security Incident Response, which is used to manage the security incident lifecycle and track the progress of security incidents. Just to give you an example: if somebody attacked your system and one of your monitoring tools found that there's traffic coming from an unknown source, it has to be tracked with an incident, because that's a kind of security incident. In that case how can you track it? Because you have to find the root cause and then you have to resolve it; in that case the Security Incident Response application will be utilized. It also has built-in integration with third-party applications; when I say third-party applications, those are third-party security applications. The next application we have is Vulnerability Response, which we are going to talk about today and in this whole series. It is used to manage vulnerabilities of CMDB items; that means whatever endpoints, whatever IT systems, whatever assets you have in your organization, you can find the vulnerabilities. For example, you have computers; a computer might have different software, maybe Chrome, Adobe or any different software, and that software might have some vulnerability. In that case you have to remediate those vulnerabilities as soon as possible, so that nobody else can attack your system and there should not be any kind of security breach. The VR application tracks the progress of remediation of vulnerabilities. It also integrates with third-party scanners; like Security Incident Response, we also have a lot of tools in the market which can find vulnerabilities in your system, and then you can import that data into ServiceNow and just remediate them, and overall it reduces the risk of attack. Then we have Configuration Compliance. This helps to aggregate scan results from integration with scanners like Qualys, so they basically aggregate and analyze the results we get, and for that reason they import policies, tests, authoritative sources and technologies; they also analyze the test results. Next we have Threat Intelligence. Threat Intelligence basically analyzes threats; it also integrates with the SIR and VR applications and basically enhances the information in SIR and VR, that is Security Incident Response and Vulnerability Response. The last application we have is Trusted Security Circles. This allows you and other users to generate and receive community-sourced observables with the goal of improving threat prioritization and shortening the time to identify and remediate threats. So it's kind of trusted information, so that you can prioritize the threats. It is also like a communication channel that connects sets of Trusted Security Circles customers who have some kind of underlying relationship; that means with you, with your organization, maybe partners, vendors. That's how you can make those trusted security circles; you can manage those things in this application. I will definitely post different videos for the training on the other applications; however, this training is basically focused on the Vulnerability Response application.

So let's talk about vulnerability. What is a vulnerability? A vulnerability is a weakness in software or an operating system which can be exploited in an attack on your IT system. That means you have an operating system, it can be Windows, Linux or whatever system you have, maybe Microsoft; in that you might have different software, and even Microsoft itself is software, so you might have some kind of threats. Even in Linux you might have some kind of threat; some kind of vulnerability may be existing, even if you have downloaded it from trusted parties like Microsoft. Microsoft is definitely trusted; however, there are different organizations which post different vulnerabilities, and you have to resolve them. And how exactly can you resolve them? Maybe you can patch your system, you can upgrade your system; that's the solution they will provide you. However, how can you track it? That's what we have Vulnerability Response for.

What is vulnerability response? We learnt what a vulnerability is. Now the process where you have to identify, you have to classify and then you have to remediate that vulnerability is called vulnerability response. That means you have to respond to that vulnerability as soon as possible, but before that you have to first identify it, classify it and then remediate it.

What is the Vulnerability Response application? It is an application in ServiceNow which helps in identifying vulnerabilities of the infrastructure, classifying and prioritizing them to remediate and resolve those vulnerabilities; that's called the Vulnerability Response application. ServiceNow has developed that application so that organizations can manage, track and remediate the different vulnerabilities found in their systems.

Vulnerability Response terminology. Before learning about the Vulnerability Response application, the important point is that you have to first learn some terms and terminology, so that at least you will know what exactly I am talking about during the training.

The first term we have is CVE, that is Common Vulnerabilities and Exposures. It's kind of information which different organizations publish: they publish the data that on this particular software there is an existing vulnerability; they expose that information, which means this particular software is already exposed to a vulnerability, and that's called CVE data. Then we have CVSS, and that's basically the Common Vulnerability Scoring System. There are some standards: when we get any kind of vulnerability, even if it exists in your system, you can identify, as per the scoring, how soon you have to resolve it, so that you can decide the priority of resolving that vulnerability. CWE, that's Common Weakness Enumeration. All the software weaknesses we have, that creates a record, that is CWE, Common Weakness Enumeration, for particular software, maybe Chrome or any different kind of software we have in the market that is installed on different systems. This gives you a kind of library access, so that you can see the different weaknesses for different software. Then we have NVD; NVD is the National Vulnerability Database. If you remember, we talked about CVE, Common Vulnerabilities and Exposures. NVD basically comes from a different third-party organization called NIST, which basically has a kind of database, a kind of repository, for the different vulnerabilities going around in the market right now, and they keep on updating that data in the database. ServiceNow already has an out-of-the-box module which automatically fetches that data and keeps it in ServiceNow, so that you are aware of all the standard vulnerabilities which have been published in the market by this organization, and that organization is NIST; it's a U.S. organization. CVE, I think we already talked about CVE.

Then we have VG, vulnerability group. You might have different vulnerabilities for particular endpoints; when I say endpoints, that means you might have those vulnerabilities on different computers. There might be thousands and maybe millions of computers in your organization; it depends on the number of employees you have. So maybe you have 50,000 computers and you have 50,000 vulnerabilities, just an example, for any particular software. You cannot solve them, because you might have different vulnerabilities on those computers as well; in that case you have to group them, and when you group them they become a vulnerability group. Then we have VI, so you will see the term vulnerable item; that means, as I was talking about, the item, the record which makes a relationship between a vulnerability and a configuration item, becomes a vulnerable item, which shows you what vulnerability is there for what CI record. Then we have vulnerability calculators. With vulnerability calculators you can perform different calculations for scoring your vulnerable items as per the scores you get, and that's the CVSS scores; this is configurable in ServiceNow, and we will see it and learn about it later. Then we have vulnerability group rules. What exactly is this? You heard about vulnerability groups; how exactly that grouping will happen, how VI items, that means vulnerable items, will be grouped into a VG, is decided by the vulnerability group rules. And then we have the same thing with assignment rules, because somebody has to remediate them. For remediation those VGs, those vulnerability groups, have to be assigned to someone, some team who can perform the remediation; in that case you will have assignment rules, because every organization has a different kind of team structure, so you can put that structure in the assignment rules, and then under what condition you want to assign those VGs to which teams.

Then we have discovered items. Whatever data is being fetched, for example from a scanner, from a third-party system, into ServiceNow: that third party finds different vulnerabilities, and those vulnerabilities are found for specific endpoints. When you import that data you also import the information about the endpoint; those are the configuration items of your organization. The discovered items table will show you all the data you imported as part of the endpoints, because Qualys or different scanners have their own system where they find them with the help of the IP address and some different attributes. Definitely it might be possible that those attributes are available in your CMDB as well, but sometimes they're not available, so that's the reason there's a different module which shows you all the items we have discovered with the help of the scanner. Then we have the CMDB CI lookup rule. We were talking about discovered items; what exactly happens is, if your system finds the same kind of information in your CMDB, then it does not create any CI; however, if the same information is not found, then your ServiceNow system will create that CI. In that case the CMDB CI lookup rule is very important, and the reason behind it is that you can map the fields. It might happen that your configuration management is quite different: you have different sources of data you are importing into ServiceNow, into the CMDB; however, whatever attributes you have in your scanner, maybe Qualys (we will talk about that as well), if you're importing the data and that data is not being matched, but you want to match it, because it is definitely somewhere in one of the attributes of the CMDB, in that case you can create these lookup rules. So what exactly will happen is, while the data is being imported it will check these rules and then perform the action accordingly: maybe it found the data, then it will not create it, it will update it; and if it does not find anything, then it will create the record, and that will be a configuration item. In what table, how it will import, how it will create, we will talk about later, because as of now we are just talking about the terminology.

The Vulnerability Response application. This is the application we have in this particular training. As I mentioned, in the Security Operations suite we have different applications; in this training, in this series of training, we will talk just about Vulnerability Response from now onwards, because I just wanted to give you the background of what exactly these security terms are, what exactly this vulnerability terminology is, what the different terms we use are; that is really important to learn before learning this application. So the application we have in ServiceNow is the Vulnerability Response application. You can see we have this module; when you enable this application you will see all these applications and modules. We will talk one by one about these modules, what exactly these modules are and what exactly their utilization is, what the usage of these modules is in this application. So thanks for watching my video, have a great day.
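As an added illustration of the terminology walked through above (not code from the video or from ServiceNow), here is a small JavaScript model of one scan import: scanner findings are matched to CMDB CIs by ordered lookup rules (creating a CI when nothing matches), each match becomes a vulnerable item, a group rule folds the items into vulnerability groups, a calculator derives a risk rating from CVSS, and assignment rules hand each group to a team. All records, rule definitions, team names and CVE ids are constructed placeholders.

```javascript
// Toy model (constructed, not ServiceNow's API) of the terms in the video:
// discovered items -> CI lookup rules -> vulnerable items (VI) -> group rule
// -> vulnerability groups (VG) -> calculator risk rating -> assignment rules.
const cmdb = [ // constructed CMDB records
  { sys_id: "ci1", name: "WS-001", ip_address: "10.0.0.11", os: "Windows" },
  { sys_id: "ci2", name: "WS-002", ip_address: "10.0.0.12", os: "Windows" },
  { sys_id: "ci3", name: "db-prod-01", ip_address: "10.0.1.5", os: "Linux" },
];
// Scanner findings (constructed; the CVE ids are placeholders, not real CVEs).
const scanFindings = [
  { cve: "CVE-0000-0001", cvss: 9.8, host: "WS-001", ip: "10.0.0.11" },
  { cve: "CVE-0000-0001", cvss: 9.8, host: "WS-002", ip: "10.0.0.12" },
  { cve: "CVE-0000-0001", cvss: 9.8, host: "db-prod-01", ip: "10.0.1.5" },
  { cve: "CVE-0000-0002", cvss: 4.3, host: "ws-001", ip: "10.0.0.99" }, // new IP, name case differs
  { cve: "CVE-0000-0003", cvss: 7.5, host: "unknown-host", ip: "10.0.2.9" }, // not in the CMDB
];
// CMDB CI lookup rules, tried in order (scanner field -> CMDB field).
// If no rule matches, the CI is created, as the video describes.
const lookupRules = [
  { scannerField: "ip", ciField: "ip_address" },
  { scannerField: "host", ciField: "name", ignoreCase: true },
];
function lookupCI(finding, cis, rules) {
  const norm = (v, ic) => (ic ? String(v).toLowerCase() : String(v));
  for (const r of rules) {
    const want = norm(finding[r.scannerField], r.ignoreCase);
    const hit = cis.find(ci => norm(ci[r.ciField], r.ignoreCase) === want);
    if (hit) return { ci: hit, created: false };
  }
  const ci = { sys_id: "ci" + (cis.length + 1), name: finding.host, ip_address: finding.ip, os: "unknown" };
  cis.push(ci);
  return { ci, created: true };
}
// Vulnerability calculator (constructed): risk rating 1 (critical) .. 4 (low) from the CVSS score.
function riskRating(cvss) {
  return cvss >= 9 ? 1 : cvss >= 7 ? 2 : cvss >= 4 ? 3 : 4;
}
// Group rule: one VG per (vulnerability, CI operating system).
const groupRule = vi => `${vi.cve}|${vi.ci.os}`;
// Assignment rules, evaluated in order; the first matching rule assigns the VG.
const assignmentRules = [
  { when: vg => vg.os === "Linux", group: "Linux Patching" },
  { when: vg => vg.os === "Windows", group: "Desktop Support" },
  { when: () => true, group: "Vulnerability Triage" }, // catch-all, e.g. CIs created on import
];
function importScan(findings, cis) {
  const vis = findings.map(f => {
    const { ci, created } = lookupCI(f, cis, lookupRules);
    return { cve: f.cve, ci, ciCreated: created, risk: riskRating(f.cvss) };
  });
  const groups = new Map();
  for (const vi of vis) {
    const key = groupRule(vi);
    if (!groups.has(key)) groups.set(key, { cve: vi.cve, os: vi.ci.os, items: [], risk: 4 });
    const vg = groups.get(key);
    vg.items.push(vi);
    vg.risk = Math.min(vg.risk, vi.risk); // a VG is as severe as its worst item
  }
  for (const vg of groups.values()) vg.assignedTo = assignmentRules.find(r => r.when(vg)).group;
  return { vulnerableItems: vis, groups: [...groups.values()] };
}
const result = importScan(scanFindings, cmdb.map(c => ({ ...c })));
for (const vg of result.groups) console.log(vg.cve, vg.os, vg.items.length, "item(s), risk", vg.risk, "->", vg.assignedTo);
```

Running it yields four groups from five findings: the two Windows hosts sharing the first CVE land in one group for Desktop Support, the lookup on the renamed/re-addressed host still resolves to WS-001 through the case-insensitive name rule, and the host absent from the CMDB is created and routed to the catch-all team.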

https://www.youtube.com/watch?v=3A6ISVsSQic