To test your Bitsight for Security Incident Response by ServiceNow configurations, go to Bitsight for Security Incident Response ➔ Risk Vector Category Mappings. Check if the correct Security Incident category and subcategory are configured for the Compromised Systems risk vectors.
Risk Type Mapping

| Risk Type | Category | Sub-category |
| --- | --- | --- |
| potentially_exploited | Malware | C&C Communicated Outbound |
| malware_servers | Rogue server or service | None |
| botnet_infections | Malicious code activity | Botnet |
| spam_propagation | Spam source | Spam relay |
| unsolicited_comm | Reconnaissance activity | Port scanning |

If these records were not created (i.e., the fix script failed), you can create them manually as an admin user by clicking the New button on the list.
After the import jobs are run (either on schedule or immediately), go to Bitsight for Security Incident Response ➔ Bitsight Observations.
- October 25, 2021: Published.