To test your Bitsight for Security Incident Response by ServiceNow configurations, go to Bitsight for Security Incident Response ➔ Risk Vector Category Mappings. Check if the correct Security Incident category and subcategory are configured for the Compromised Systems risk vectors.
Risk Type Mapping
- Risk Type: potentially_exploited; Category: Malware; Sub-category: C&C Communicated Outbound
- Risk Type: malware_servers; Category: Rogue server or service; Sub-category: None
- Risk Type: botnet_infections; Category: Malicious code activity; Sub-category: Botnet
- Risk Type: spam_propagation; Category: Spam source; Sub-category: Spam relay
- Risk Type: unsolicited_comm; Category: Reconnaissance activity; Sub-category: Port scanning
If these records were not created (i.e., the fix script failed), an admin user can create them manually by clicking the New button on the list.
After the import jobs are run (either on schedule or immediately), go to Bitsight for Security Incident Response ➔ Bitsight Observations.
- October 25, 2021: Published.