on 06-24-2019 12:17 PM
Hello Community,
Some great news for Security and Risk applications users running AWS workloads.
ServiceNow and AWS have expanded their partnership to provide security incident automation & orchestration to your security alerts coming from cloud infrastructure hosted in AWS.
AWS Security Hub provides customers with a single place that aggregates, organizes and prioritizes security alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector and Amazon Macie, as well as from AWS Partner solutions. With this new partnership, Security Operations will provide data-driven and automated incident response to AWS customers.
Once an alert is generated in Security Hub that meets defined criteria, an incident or ticket is created in Security Operations. For example, in Security Operations, threat lookups and observable enrichment are automatically run on the security incidents, and the operator can assign predefined workflows aligned to the incident category (e.g. malware, phishing, etc.). Analysts can also manually forward selected events on-demand from the AWS Security Hub console.
Using built-in workflows, ServiceNow then routes the incident to the correct personnel or response tools to contain the threat. Post-incident reporting, customizable dashboards and metrics help teams improve processes going forward and provide a view of the overall security posture.
If you are interested in joining the early adopter program, please sign up here.
The team will get in touch with you for next steps.
I'm interested in this. However, I'm not sure if I as an individual could participate in this program. Kindly let me know if there is an option to participate. Thanks.
Hi Balaji - Thank you for your interest. We are primarily looking to work with customers/partners/prospects for exploring the use cases they have with performing incident response on their cloud workloads and taking inputs into the final design of the integration. If you can fill out the form and share details of what your goals are in participating in the program, we'll be able to move forward accordingly. Thanks.
Hi Deepak - Glad to hear back. I shall do that. Thanks for the response.
Yes, please sign me up. We are a ServiceNow Partner focused on providing services around ServiceNow security products (GRC and SecOPS). We have customers that are currently using ServiceNow SecOPS with infrastructure running on AWS services. This will be of great value to them.
We unfortunately missed the window to request to participate in the early adopter program. Does this have an official release date?
What's the situation with this these days?
I see an AWS connector for Security Hub to Incidents but not specifically to the SecOps SIR process flow.
For us, we want to be able to create SIR tickets and not INCs. Is this possible with this plugin?
Cheers
Conor