Bitsight for Security Incident Response by ServiceNow Integration Guide Ingrid The Bitsight platform has an integration with the Bitsight for Security Incident Response application* by ServiceNow. It is certified and available for download in the ServiceNow App Store.One of the biggest pain points in Security Posture Management (SPM) is the time it takes to track down and remediate newly detected Compromised Systems events. With this integration, you can: Immediately and painlessly plug the Bitsight Compromised Systems data into existing cyber incident response workflows in ServiceNow. Rapidly remediate by eliminating the need for a slow and manual (often email/spreadsheet based) step between the Bitsight data and your security team. Focus on more strategic security needs by freeing up resources from time consuming, manual integration tasks. Highlights See Compromised System risk vector findings in the Bitsight for Security Incident Response application, and then directly access the Findings Table. Does a best match between the assets in a customers Configuration Management Database (CMDB) to link security incidents to related systems. Leverage closed-loop workflows in ServiceNow for a better, faster, and a more efficient task hand-off and coordination of security responses. Refer to the following guide to integrate the Bitsight Security Ratings Platform and the Bitsight for Security Incident Response application by ServiceNow.Requirements A supported version of ServiceNow. The Bitsight for Security Incident Response solution. Have an Admin role in ServiceNow. Instructions Go to the Bitsight platform and retrieve your Bitsight API token. Use a Company API token to prevent existing integrations from breaking if certain user accounts are deleted. In the Bitsight for Security Incident Response application, assign a x_bisit_secops_int.bitsight_secops_admin role to a user. Go to the Application Configuration module. Enter your Bitsight API token to the “API Token” field. Check if the API token is set correctly by selecting the Test API Connection button. See testing the configuration. Select the Company GUID button to automatically populate your company’s unique identifier. Configure the max age of observations to import from the Bitsight platform. This is also for triggering security incidents and tasks. Configure whether security incidents are to be created from observations. Configure whether Bitsight Secops Tasks are to be created from observations. Configure the max retention age of observations. Leave as 0 to prevent cleanup. Go to the Observations Import Schedules page. Open the Bitsight Observations Import record. Run: Set the run frequency (recommended daily). Time: Set the import time as desired. Run as: Set the correct user (existing active user with x_bisit_secops_int.bitsight_secops_admin role). Leaving this blank results in a failure during the creation of Security Incidents from Business rules. October 25, 2021: Separated Testing the Configuration section to its own page. November 11, 2019: Published. Related articles Bitsight for Security Incident Response by ServiceNow Bitsight for IT Service Management by ServiceNow: Integration Guide Bitsight for Security Incident Response for ServiceNow: Testing the Configuration About ServiceNow Supported Versions for ServiceNow Integrations Feedback 0 comments Please sign in to leave a comment.