Using Security Operations, security analysts and vulnerability managers can seamlessly automate their security tools and communicate with IT by working in a unified platform. This course is designed for Security Operations administrators, ServiceNow administrators, and consultants who need to configure and administer ServiceNow Security Operations applications. Learners attending the course can expect to learn how to leverage Security Operations applications to improve their organization’s security maturity by identifying, prioritizing, and remediating vulnerabilities, critical security incidents, and misconfigured assets.
ServiceNow SIR Implementation Course Information
In this course, you will:
- Demonstrate Baseline Security Incident Response Lifecycle
- Identify Security Incident Response Workflow-Based Responses
- Partner with Now Assist AI to summarize security incidents
- Partner with Now Assist AI to generate closure notes
- Configure Vulnerability Assessment and Management Response Tools
- Explore the Vulnerability Response Application
- Create Watch Topics and Explore Remediation Efforts
- Explore the Threat Intelligence Application
- Employ Threat Sources and Explore Attack Modes and Methods
- Define Observables, Indicators of Compromise (IoC), IoC Look Ups
- View and Analyze Security Operations Data
Prerequisites
ServiceNow SIR Implementation Course Outline
Module 1: Security Operations Overview
Objectives
- Learn the Current State of Security; Explore Security Maturity Levels.
- Discover the ServiceNow Security Operations application.
- Walk through a typical SecOps security incident (Day in the Life).
- Explore essential platform and security administration concepts.
- Learn the current state of security and explore Security Operations maturity.
Labs
- Lab 1.3 Security Operations User Administration
Module 2: Security Operations Common Functionality
Objectives
- Investigate Security Operations Common Functionality.
Labs
- Lab 2.3.1 Email Parser
- Lab 2.3.2 Security Operations Common Functionality
Module 3: Vulnerability Response
Objectives
- Overview of Vulnerability Response
- Explore Infrastructure Vulnerability Response
- Explore Application Vulnerability Response
- Explore Container Vulnerability Response
- Explore Vulnerability Exclusion Rules
- Explore Configuration Compliance
- Explore Security Posture Control (SPC)
- Explore Cybersecurity Executive Dashboard
Labs
- Lab 3.1 Explore the Vulnerability Response Application
- Lab 3.1.2 Explore Vulnerability Entries
- Lab 3.2.1 Explore Vulnerable Items and Solutions
- Lab 3.2.2 Watch Topics and Remediation Efforts
- Lab 3.2.3 Vulnerability Remediation
Module 4: Security Incident Response
Objectives
- Overview of the Security Incident Response Application
- View Security Incident Response Components and Configuration
- Explore Security Incident Response Workflow-Based Responses
- Explore Major Security Incident Management (MSIM) Workspace
- Now Assist AI for Security Operations
Labs
- Lab 4.2 Creating Security Incidents
- Lab 4.3.1 Security Incident Response Configuration
- Lab 4.4 Now Assist AI for Security Operations
Module 5: Threat Intelligence
Objectives
- Define ServiceNow Threat Intelligence
- Set Up Threat Sources
- Explore Attack Modes and Methods
- Understand Observables, IoCs and IoC Look Ups
- Explore Threat Intelligence Security Center
Labs
- Lab 5.3.1 Review and Update an Existing Attack Mode/Method
- Lab 5.3.2 Working with Indicators of Compromise
- Lab 5.3.3 Automated Lookups in Security Incidents