A common challenge security operations centers face is completing remediation and recovery actions fast.
If the analyst has the authority to personally take action, this isn’t usually a problem. However, in many organizations, analysts don’t have unfettered power to make changes across the organization. Instead, analysts commonly submit a change request to the IT department to fulfill.
This flow makes perfect sense, since some actions, such as reimaging multiple machines, are time-consuming and would be a suboptimal use of security analysts’ time. The impediment, for both IT and the SOC, is ensuring requests are communicated correctly and in an easily trackable manner.
To that end, Siemplify offers out-of-the-box integration with one of the most popular IT management systems on the market today: ServiceNow.
ServiceNow is used by organizations of all sizes to track, manage and monitor IT-related workflows and actions. Through the Siemplify integration, all security investigation, response and recovery workflows can flow effortlessly into ServiceNow. In this short video, I explain how to make use of this integration and how it can help streamline workflows.
Incident Creation in ServiceNow
In many organizations, an incident, or ticket, must be created when a potential security issue is validated. Automating this action in Siemplify is a breeze. From the ‘Actions’ section of the playbook designer, search for ‘ServiceNow,’ and you will see all the actions you can take.
With our pre-built integration, you can:
- Add comments (and wait for a reply).
- Close incidents.
- Create alert incidents.
- Create records.
- Get incidents.
- Update incidents.
- Update records.
- Wait for a field update.
- Wait for a status update.
If you would like to add other actions from ServiceNow, no problem: you can use the Siemplify IDE to do it. To add any of these actions, select the action and snap it into the playbook. Each action has its own configuration and outputs.
With this simple integration, you can streamline the IT workflows associated with security investigation, response and recovery actions, ensuring everyone stays on the same page. For more information about our ServiceNow integration, or any of the more than 180 integrations, visit siemplify.co.
Steve Salinas is director of product marketing at Siemplify.