Security Incident Response overview


The Security Incident Response overview provides an executive view into security incident activity, allowing security managers to quickly pinpoint areas of concern. Additionally, when the Security Incident Analytics plugin is activated, users with certain roles can view data of interest to the Chief Information Security Officer (CISO).

The Overview module displays security incident information that is tailored to the role of the user. In each chart, you can hover over any part (bar, pie, data point, etc.) to view general data specific to that part, as shown below. If you click any part of a report, a list opens to provide detailed information.
Sample report from Security Incident Manager Overview

Security Incident Manager Overview

Users with the Security Incident Administrator and Security Incident Manager roles view the Security Incident Manager Overview. It contains the following reports in the base system.
Table 1. Security Incident Manager Overview reports
| Name | Visual | Description |
|---|---|---|
| Team Critical Security Incidents | Single score | The number of critical security incidents assigned to the team. |
| Team High Security Incidents | Single score | The number of high security incidents assigned to the team. |
| SLAs expiring within 24 hours | Single score | The number of SLAs that will expire within the next 24 hours. |
| Risk vs. Severity | Heatmap | The distribution of security incidents assigned to the team by risk and severity. |
| Security Incidents by CI Class, last 3 months | Bar chart | The count of security incidents assigned to the team by configuration item class. |
| Trend of All Security Incidents | Trend | Plots the count of security incidents received by category or priority. |
| Unauthorized Access Security Incidents | Bar chart | Displays the types of security incident categories received over time. |

Security Analyst Overview

Users with the Security Incident Analyst role view the Security Analyst Overview. It contains the following reports in the base system.
Table 2. Security Analyst Overview reports
| Name | Visual | Description |
|---|---|---|
| My Critical Priority Work | Single score | The number of critical security incidents assigned to me. |
| My High Priority Work | Single score | The number of high security incidents assigned to me. |
| My SLAs expiring within 24 hours | Single score | The number of SLAs assigned to me that will expire within the next 24 hours. |
| Security Incidents assigned to me | Bar chart | Security incidents assigned to me by incident state or category. |
| Work assigned to me by Type | Bar chart | Security tasks (incidents, tasks, or requests) assigned to me by type or priority. |
| Security Incidents, Requests, Tasks assigned to me | List | A list of all security incidents, security requests, and tasks assigned to me. |

Security Incident CISO Overview with Security Incident Analytics activated

When the Security Incident Analytics plugin is activated, users with the Security Incident CISO and System Administrator roles view the Security Incident CISO Overview. The following CISO reports are provided in the base system.
Table 3. Security Incident CISO Overview reports (with Security Incident Analytics activated)
| Name | Visual | Description |
|---|---|---|
| New Security Incidents This Week | Single score | The number of new security incidents received in the current week. |
| Security Incidents Closed This Week | Single score | The number of security incidents closed in the current week. |
| New Security Incidents (Running 7 Days) | Single score | The number of security incidents opened within the last 7 days. |
| Security Incidents Closed (Running 7 Days) | Single score | The number of security incidents closed within the last 7 days. |
| Daily New Security Incidents vs. Closed Security Incidents | Trend | New and Closed security incidents counts over time by day. |
| Weekly New Security Incidents vs. Closed Security Incidents | Trend | New and Closed security incidents over time by week. |
| Security Incident Close Code | Trend | Full count of closure codes over time. |
| Security Incident Business Criticality | Treemap | Business services with security incidents with available groupings by business criticality. |

Security Incident CISO Overview without Security Incident Analytics activated

When the Security Incident Analytics plugin is not activated, users with the Security Incident CISO and System Administrator roles view the Security Incident CISO Overview. The following CISO reports are provided in the base system.
Table 4. Security Incident CISO Overview reports (without Security Incident Analytics activated)
| Name | Visual | Description |
|---|---|---|
| New Security Incidents This Week | Single score | The number of new security incidents opened in the current week. |
| Security Incidents Closed This Week | Single score | The number of security incidents closed in the current week. |
| New Security Incidents (Running 7 Days) | Single score | The number of security incidents opened within the last 7 days. |
| Security Incidents Closed (Running 7 Days) | Single score | The number of security incidents closed within the last 7 days. |
| Weekly New Security Incidents | Trend | The new security incidents opened on a weekly basis. |
| Weekly Closed Security Incidents | Trend | The security incidents closed on a weekly basis. |
| Security Incident Close Codes | Trend | Security incident close codes over time. |
| Business Services with Security Incidents - Business Criticality | Treemap | Business services with security incidents with available groupings by business criticality. |