Publication Date – October 25, 2021
To test your Bitsight for Security Incident Response by ServiceNow configurations, go to Bitsight for Security Incident Response ➔ Risk Vector Category Mappings. Check if the correct Security Incident category and subcategory are configured for the Compromised Systems risk vectors.
Risk Type Mapping
| Bitsight Risk Type | Category | Subcategory |
|---|---|---|
potentially_exploited |
Malware | C&C Communicated Outbound |
malware_servers |
Rogue server or service | None |
botnet_infections |
Malicious code activity | Botnet |
spam_propagation |
Spam source | Spam relay |
unsolicited_comm |
Reconnaissance activity | Port scanning |
In case these records are not created (i.e., the fix script failed), you can manually create these records as an admin user by clicking the New button on the list.
After the import jobs are run (either on schedule or immediately), go to Bitsight for Security Incident Response ➔ Bitsight Observations.