SecOps Resource Library: Enterprise Security Case Management

New article in ServiceNow Community · Oct 17, 2024

ServiceNow® Security Operations (SecOps) brings data from your security tools into a structured response engine that uses intelligent workflows, automation, and a deep connection with IT to prioritize and resolve threats based on the impact they pose to your organization. Many organizations struggle with identifying security threats and vulnerabilities, prioritizing them, and coordinating with IT to remediate them. Using SecOps, security analysts and vulnerability managers can seamlessly automate their security tools and communicate with IT by working in a unified platform.

The SecOps applications and workflows fall under two broad categories:

  • Attack Surface Management – Applications and tools that help you anticipate, understand, and close your vulnerabilities.
  • Enterprise Security Case Management – Applications and tools that help you move quickly to respond to security incidents.

This resource library focuses on enterprise security case management. View the attack surface management resource library here.

Enterprise Security Case Management Solutions, Features & Descriptions

  • Security Incident Response (SIR) manages the lifecycle of a security incident from creation through analysis, containment, eradication, recovery, and review.
  • The Threat Intelligence (TI) application allows users to collect and store Structured Threat Information Expression (STIX) data received through integrations with third-party malware-detection software packages and Threat Intelligence Feeds.
  • The Data Loss Prevention Incident Response (DLP IR) application enables you to review and manage the remediation workflow of DLP incidents from multiple sources, such as endpoint, network, email, and cloud.
  • Major Security Incident Management (MSIM) is a solution to track and manage the various activities typically part of resolving a major security incident.
  • Threat Intelligence Security Center (TISC) is a threat intelligence platform for aggregation, management and operationalization of threat intelligence.
  • Now Assist for SecOps enables security analysts to use intelligent workflows and ServiceNow generative AI skills to help them resolve security incidents.
  • The Security Incident Response Workspace is a reimagined interface that provides a next-gen user experience for security analysts and SOC managers to manage security incidents.
  • The Security Incident Response Health Dashboard provides a centralized view of critical aspects related to SIR process implementation, issues/errors encountered, and performance metrics. It serves as a vital tool for monitoring and optimizing the effectiveness of an organization's SIR capabilities.
  • A Playbook is a series of steps and tasks that address the process for remediating a specific type of security incident or event.
  • Security Incident Calculators update record values when pre-defined conditions are met. The calculators are grouped based on the criteria used to determine how the records are updated.

Resources

To help you understand the capabilities of many SecOps solutions and how to use them, please see the resources below. Please bookmark this article, as we will update it when new content becomes available. Whether you’re just getting started with SecOps or you need a refresher, this list of resources has something for everyone!

SecOps Overall

  • Get Started with SecOps Applications Webinar – Need help getting started with SecOps? This on-demand webinar will help you understand SecOps applications, key resources, and the next steps you can take in your SecOps implementation journey.
  • SecOps Welcome Guide – This article serves as a comprehensive guide to how you can get started with SecOps solutions.
  • SecOps Quick Start Guide – This article provides a quick overview of the SecOps solutions and highlights key resources to get started.
  • Transform Security Operations – This demo provides a 30,000’ view of the SecOps offerings that ServiceNow provides, including the following: Security Incident Response, Threat Intelligence, Major Security Incident Management, and Vulnerability Response.
  • Recommended Training for SecOps – This community post includes a curated list of recommended learning for SecOps customers.
  • ServiceNow Webinar Library: Security
  • ServiceNow Demo Center: Security Operations
  • ServiceNow Store: Security Operations Applications

Security Incident Response (SIR)

  • QuickStart Guide for Security Incident Response and Resources for Enterprise Security Case Management
  • Success with SIR Webinar Series Recordings
  • SIR Demo – Optimize and Orchestrate Enterprise Security Operations
  • What’s New in Security Incident Response May 2024 store release
  • Security Incident Response Learning Bytes
  • The all-new Security Incident Response Workspace is now live on store!
  • Render flow based playbooks in the new SIR Workspace
  • Security Incident Response (SIR) Workspace Bootcamp
  • Knowledge base links for Support and Troubleshooting Security Incident Response (SIR) and its integrations

Now Assist for SecOps

  • Now Assist for Security Operations is Generally Available!
  • Demo Video: Introducing Now Assist for SecOps
  • On-Demand Webinar: Learn How AI Optimizes Security Operations and Response

Threat Intelligence Security Center (TISC)

  • TISC Demo Video
  • TISC Implementation Bootcamp
  • Threat Intelligence Security Center (TISC) is Generally Available now!
  • Announcing the launch of Threat Intelligence Security Center (TISC)
  • On-Demand Webinar: Understand Threat Intelligence Security Center's Value to your Organization

Major Security Incident Management (MSIM)

  • MSIM Welcome Guide
  • MSIM Demo: How ServiceNow MSIM Helps Streamline Collaboration When Dealing With Major Security Incidents
  • MSIM Implementation Bootcamp
  • Highlights of New Features in Major Security Incident Management (May 2024)!
  • Major Security Incident Management v3 is Now Live!
  • MSIM Webinar Recording and Resources (Tips for Successful Deployment)
  • Videos to Configure Conference Calling in Major Security Incident Management (Teams, Zoom, WebEx)
  • Major Security Incident Management: Getting Started Guide + Video Configuration Walkthrough

Data Loss Prevention Incident Response (DLP)

  • DLP Demo Video
  • Webinar: Data Loss Prevention: Increase Visibility and Accelerate Response to Internal Threats with DLP Incident Response


https://www.servicenow.com/community/secops-articles/secops-resource-library-enterprise-security-case-management/ta-p/3076863