Create a security incident state flow

Create a security incident state flow for automatic or manual transitions.

Before you begin

Role required: sn.si_admin and admin

About this task

The process for creating a security incident flow and a response task flow are the same.

Procedure

  1. Create the state flow.
    OptionDescription
    Create a security incident flow
    1. Navigate to Security Incident > State Flows > Security Incident Flows.
    2. Click New.
    Create a response task flow
    1. Navigate to Security Incident > State Flows > Response Task Flows.
    2. Click New.
  2. Fill in the fields, as appropriate.

    The system enforces the field controls with the same client script that filters the choice list for the State field.

    Table 1. Security Incident Flow and Security Incident Response Task Flow forms
    Field Description
    Number Record number automatically generated by ServiceNow.
    Table Table on which the state flow record runs. Only tables that extend the Task [task] table are available in the list.
    Starting state Name of the state at the beginning of the flow. The selections in this field are filtered by the possible states for the selected table.
    Ending state Name of the state at the end of the flow. The selections in this field are filtered by the possible states for the table selected.
    Client script The client script associated with any changes made in the Field Controls section of the form.
    Event Name of an existing event to trigger when this transition occurs.
    Name Name of this record. Make sure the name is descriptive of the state transition or the processing that the record is performing. This name does not have to be unique.
    Roles Not used for any processing.
    Active Check box to enable this state flow record.
    Class The state flow class for this record. The system automatically selects one of these classes for security response state flows.
    • Security Incident Flow: Records created for state flows in the Security Incident Flow [sn_si_sf_incident] table.
    • Security Incident Response Task Flow: Records created for state flows in the Security Incident Response Task [sn_si_sf_task] table.
    Override The starting value for the State field on all new records for the table named in the state flow record.
    Work notes Noteworthy comments about this state flow transition.
    Comment Details about the customized record.
  3. To create a manual transition:
    1. Click the Manual tab and fill in the fields as needed.
      Table 2. Manual tab fields
      Field Description
      Manual condition string Conditions that cannot be defined with the condition builder for enabling a UI action. For example, you can use this string to define UI actions for mobile devices. This condition has an [and] relationship with the condition in the Manual condition field.
      Manual condition Conditions for enabling a UI action, which can be defined for fields in the target table. This condition has an [and] relationship with the condition in the Manual condition string field.
      Manual script Script that defines what the UI action does when the conditions are true. The script runs when the user clicks a button or a related link with the name entered in the UI action field.
      UI action Name of the button that the system creates to enable this transition. The system creates the label using the same name as the state flow record that created it.
      Manual roles The minimum roles required for manually running the UI action.
    2. Save the state flow record.
    3. Click Create UI Action to create a button on the task form that enables users to execute the transition manually.
    The system uses the value in the Name field as the label for the UI action. The UI action executes the script in the Manual Script field when the conditions are true. For example, a manual transition can create an Activate button when an incident is in the New state that enables a user to mark the incident as active.
  4. To create an automatic transition:
    1. Click the Automatic tab and fill in the fields as needed.
      Table 3. Automatic tab fields
      Field Description
      Automatic condition string Conditions that cannot be defined with the condition builder for running the business rule, such as evaluating if the proposed transition is a valid flow. This condition has an [and] relationship with the condition in the Automatic condition field.
      Automatic condition Conditions for running the business rule, which can be defined for fields in the target table. This condition has an [and] relationship with the condition in the Automatic condition string field.
      Automatic script Script that performs additional work when the condition is true. This script can do tasks such as update the date and time the transition occurred or email someone when a specific state change occurs. Automatic state transitions occur when changes are made to the task record.
      Business rule Name of the business rule created for this transition. Two conditions must be satisfied before this business rule can run: the task must be on a specific starting state, and the Automatic condition must be true. If both of these conditions are satisfied, the business rule performs the requested transition, using the starting and ending states from the State Flow form.
      Automatic roles The minimum roles required for running the business rule.
    2. Save the state flow record.
    3. Click Create Business Rule to create the business rule.
    The business rule executes the script in the Automatic Script field when the conditions are true. For example, a business rule created by the system can set an incident state to Assigned when the Assigned to field is populated. Business rules are automatically deleted when the state flow record is deleted.
  5. To control how specific fields display when a task record changes states:
    1. Click the Field Controls tab and fill in the fields as needed.
      Table 4. Field Controls tab fields
      Field Description
      Mandatory fields Makes the selected fields required when this transition occurs or when the end state is the current state.
      Read only fields Prevents the selected fields from being edited when this transition occurs or when the end state is the current state.
      Visible fields Displays the selected fields when this transition occurs or when the end state is the current state.
      Not mandatory Makes the selected fields optional when this transition occurs or when the end state is the current state.
      Not read only Makes the selected fields editable when this transition occurs or when the end state is the current state.
      Not visible Hides the selected fields when this transition occurs or when the end state is the current state.
    2. Save the state flow record.

Result

Figure 1. Sample Security Incident Flow
Sample Security Incident Flow