Bitsight for Security Incident Response for ServiceNow: Testing the Configuration – Bitsight Knowledge Base

To test your Bitsight for Security Incident Response by ServiceNow configurations, go to Bitsight for Security Incident Response ➔ Risk Vector Category Mappings. Check if the correct Security Incident category and subcategory are configured for the Compromised Systems risk vectors.

Risk Type Mapping

Risk Type: potentially_exploited

Category: Malware

Sub-category: C&C Communicated Outbound

Risk Type: malware_servers

Category: Rogue server or service

Sub-category: None

Risk Type: botnet_infections

Category: Malicious code activity

Sub-category: Botnet

Risk Type: spam_propagation

Category: Spam source

Sub-category: Spam relay

Risk Type: unsolicited_comm

Category: Reconnaissance activity

Sub-category: Port scanning

In case these records are not created (i.e., the fix script failed), you can manually create these records as an admin user by clicking the New button on the list.

After the import jobs are run (either on schedule or immediately), go to Bitsight for Security Incident Response ➔ Bitsight Observations.

October 25, 2021: Published.

Risk Type Mapping

Related articles