[Video tutorial] Incident enrichment to speed up your path to safety by Syra Arif - 12 minutes

Eric Feron · ‎08-01-2019

So you have setup Security Incident Response and Threat Intelligence?

Now follow the advice of Syra Arif, Senior Advisory Solution Consultant at ServiceNow to automate, accelerate and lower your risk profile. This 12-minute tutorial will help take you towards maturity level 2.

Syra Arif, Senior Advisory Solution Consultant, ServiceNow

------------------------------------------------------------

Video content:

00:30 Who is Syra Arif

00:50 What will we learn about today

01:50 Refreshers from previous episodes: maturity model and new customer path

02:44 From swivel-chair to automation

04:09 In-product demo. Integration, solutions catalog, Threat Intelligence providers, MSSP, SIEM, Security Incidents, Related Lists, Observables, Automated threat lookup, workflows, activity trail, manual creation of Observables, App store, speed up response time.

10:25 What to do right now
1- Turn on Threat Intelligence plugin,
2- Use the integration configuration catalog to connect to third party tools,
3- Search the ServiceNow documentation for instructions (start in Google Search),
4- Perform manual Threat Lookup the Threat Intelligence module to observe the automated enrichment.

--------------------------------------------------

Stay tuned for the next episode.

For questions and to download the PDF version of the slides.

Eric Feron · ‎08-13-2019

Hello all,

here is the path to success for new customers as it stands today:

Episode 1: Prepare your implementation

Critical steps to go fast: what you should do.

View the 23-minute video tutorial, download the guide and ask questions.

Episode 2: Implement

A 12 weeks cycle: how to stay on schedule.

View the 17-minute video tutorial, download the guide and ask questions.

Episode 3: You are live, now what?

Tune for best results

11-min video tutorial , slides and Q&A.

Episode 4: Finding the right partner for your journey

Don't go alone

16-min video tutorial, slides and Q&A.

Episode 5: Notifications

Get them right to be safe

16-min video tutorial, slides and Q&A

Episode 6: Vulnerability Response

Get started simply and quickly

15-min video tutorial, slides and Q&A

Episode 7: Incident enrichment

Leave no stone unturned

12-min video tutorial, slides and Q&A

Episode 8: Reports and Dashboards

Quickly the best out of them

13-min video tutorial, slides and Q&A

Episode 9: Training

What classes are right for your role

Document

randytangco · ‎09-10-2019

I am working for a gold partner and I am looking for a demo script to walk a customer through the capabilities of the secops application with the splunk integration to search additional sightings in Splunk and add them as observables or IoCs in a SIR. I looked at the partner portal and I don't seem to be able to find a reference to that. I know there is one because there is a demo instance that can be cloned. Is there a place to locate the said SecOps and maybe VR demo scripts?

drew_whittingto · ‎09-10-2019

Demo data, configurations, scripts and videos are now available to partners through the partner portal - no more cloning required. Here is a useful video regarding the process.

drew_whittingto · ‎09-10-2019

There is a list of ingestion videos including splunk out on youtube.

randytangco · ‎09-11-2019

Hello Drew,

Thank you for the feedback. I am looking for a script to walk through the customer using the personas described in the pre-sales deck.

cashmere · ‎09-11-2019

This tutorial is really interesting, thank you for sharing.