3-Day Instructor-Led Training
ServiceNow Official Content
Available for Private Team Training
ServiceNow Exam Voucher included
ServiceNow Security Incident Response Implementation (SIRI) Syllabus
Course 2536
- Duration: 3 days
- Exam Voucher: Yes
- Language: English
- Level: Intermediate
This course covers Security Incident Response essentials, such as what Security Incident Response is, why customers need Security Incident Response, and how to properly implement Security Incident Response.
Participants will learn the common technical aspects of a Security Incident Response implementation as well as experience various processes to effectively manage a Security Incident Response implementation. Additionally, participants will learn tactical skills and strategies which will better prepare them to implement Security Incident Response in a scalable, repeatable, and efficient manner.
ServiceNow Security Incident Response Training Delivery Methods
Online
Upskill your whole team by bringing Private Team Training to your facility.
ServiceNow Security Incident Response Training Information
Upon completion of this course, learners will be able to:
- Identify the goals of Security Incident Response (SIR)
- Understand and meet customer goals in an SIR Implementation
- Create Security Incidents
- Use and configure dashboards and reports
- Use the MITRE ATT&CK framework in SIR
- Use the Security Incident Response Workspace
- Create and apply Security Tags
- Identify Calculators and apply Risk Scores
- Enhance Process Definitions and Selection
- Complete Post Incident Reviews
- Use SIR Automation Capabilities
Prerequisites
- Welcome to ServiceNow (On Demand)
- ServiceNow Administration Fundamentals (SNAF) Training
- Get Started with Now Create (On Demand)
- ServiceNow Platform Implementation Training
- ServiceNow Security Operations (SecOps) Fundamentals Training
Certification Information
Upon completion of this course, the candidate will be granted access to the voucher for the Certified Implementation Specialist - Security Incident Response (CIS-SIR) exam.
ServiceNow Security Incident Response Training Outline
Day 1
Module 1: Implementation Planning
Objectives
- Identify Goals of Security Incident Response
- Discuss how Security Incident Response Meets Customer Expectations
- Explain Security Incident Response Dashboards & Reports
- Identify Security Incident Response Components
Labs
- Lab 1.1 Initial Application Setup
Module 2: Security Incident - Form and Field Basic Configurations
Objectives
- Explore Security Incident Form Configurations
- Review Security Incident Record Lifecycle
- Explore Security Incident Risk Calculations and Configurations
- Discuss Security Incident Security Tag Configuration
Labs
- Lab 2.1 Security Incident Response Workspace
- Lab 2.2 Security Incident Process Selection
- Lab 2.3 Security Incident Calculator Groups
- Lab 2.4 Configuring Security Tags
Module 3: Incident Generation Configuration
Objectives
- Explore Security Incident Service Catalog Configuration
- Discuss Security Incident Email Parsing
- Explain Security Incident User Reported Phishing Configuration
- Explore Security Incident Integrations
Labs
- Lab 3.2 Configure Email Parsing
- Lab 3.3 Use Case: User Reported Phishing
Day 2
Module 4: Playbook Configuration - Advanced Configuration
Objectives
- Configure Playbooks and Runbooks in the SIR Workspace
- Explain and Configure Post Incident Reviews
- Overview of Now Assist for SecOps
Labs
- Lab 4.1 Configuring Security Incident Playbooks
- Lab 4.3 Post Incident Reviews
Module 5: Threat Intelligence Configuration
Objectives
- General Threat Intelligence Overview
- Explore MITRE ATT&CK Configuration
Labs
- Lab 5.2 Leverage the MITRE ATT&CK Framework
Module 6: Integrations supporting ServiceNow’s Security Incident Response
Objectives
- ServiceNow Store Overview
- Explore Integration Use Cases
- Discuss Capability Framework
- Explain how to create Custom Integrations
Labs
- Lab 6.3 Integrations and Capabilities
- Lab 6.4 Custom Security Incident Integration
Module 7: Other Supporting SecOps Applications
Objectives
- Overview of Major Security Incident Management
- Configure Major Security Incident Management
- Explore the Threat Intelligence Security Center Application
- Data Loss Prevention Application Overview
Labs
- Lab 7.2 Configuring Major Security Incident Response
ServiceNow Security Incident Response Training FAQs
Once enrolled, ServiceNow University is available to everyone and provides users access to ServiceNow’s full range of training content, hands-on practice, certifications, and badges. Built on the Now Platform, Now Learning is the place for any ServiceNow user to learn, improve their skills, and share their accomplishments. Visit ServiceNow for more details.
Please see the Cancellation and Rescheduling Policy.
Yes! We know your busy work schedule may prevent you from getting to one of our classrooms, which is why we offer convenient online training to meet your needs wherever you want. This course is available online or as Private Team Training.
For instructor-led ServiceNow training courses which unlock an exam voucher, attendees can view their vouchers within ServiceNow University. Click your name in the top right-hand corner and select My Learning Profile and then the My Vouchers tab. Voucher codes are sent to the email address in your ServiceNow University account. Vouchers expire 1 year after the completion of the course, and the exam must be completed by the expiration.