Create a security incident response state flow

You can define the way security incidents transition from one state to the next. The state flow can be automatic or manual.

Before you begin

Role required: sn.si_admin and admin

About this task

The process for creating a security incident flow and a response task flow are the same.

Procedure

  1. Create the state flow.
    OptionDescription
    Create a security incident flow
    1. Navigate to Security Incident > State Flows > Security Incident Flows.
    2. Click New.
    Create a response task flow
    1. Navigate to Security Incident > State Flows > Response Task Flows.
    2. Click New.
  2. Fill in the fields, as appropriate.

    The system enforces the field controls with the same client script that filters the choice list for the State field.

    Table 1. Creating state flows
    Field Description
    Number Record number automatically generated by ServiceNow.
    Table Table on which the state flow record runs. Only tables that extend the Task [task] table are available in the list.
    Starting state Name of the state at the beginning of the flow.
    Ending state Name of the state at the end of the flow.
    Client script The client script handling settings in the Field Controls section of the form. This field is read-only until you have saved the record.
    Event Name of an existing event to trigger when this transition occurs.
    Name Name of this record. Make sure the name is descriptive of the state transition or the processing that the record is performing. This name does not have to be unique.
    Roles Not used for any processing.
    Active Check box to enable this state flow record.
    Class The state flow class for this record. The system selects one of these classes for security response state flows.
    • Security Incident Flow: Records created for state flows in the Security Incident Flow [sn_si_sf_incident] table. This class is available when security incident response is activated.
    • Security Incident Response Task Flow: Records created for state flows in the Security Incident Response Task [sn_si_sf_task] table. This class is available when security incident response is activated.
    Override Sets the starting value for the State field on all new records for the table named in the state flow record. This field is read-only until you have saved the record.
    Work notes Noteworthy comments about this state flow transition.
    Comment Details about the customized record.
  3. To create a manual transition:
    1. Click the Manual tab and fill in the fields as needed.
      Table 2. Manual tab fields
      Field Description
      Manual condition string Conditions for enabling a UI action that cannot be defined with the condition builder. For example, you can use this string to define UI actions for mobile devices. This condition has an [and] relationship with the condition in the Manual condition field.
      Manual condition Conditions for enabling a UI action that can be defined for fields in the target table. This condition has an [and] relationship with the condition in the Manual condition string field.
      Manual script Script that defines what the UI action does when the conditions are true. The script runs when the user clicks a button or a related link with the name entered in the UI action field.
      UI action Name of the button that the system creates to enable this transition. The system creates the label using the same name as the state flow record that created it.
      Manual roles The minimum roles required for manually running the UI action.
    2. Save the state flow record.
    3. Click Create UI Action to create a button on the task form that enables users to execute the transition manually. The system uses the value in the Name field as the label for the UI action. The UI action executes the script in the Manual Script field when the conditions are true. For example, a manual transition can create an Activate button when an incident is in the New state that enables a user to mark the incident as active.
  4. To create an automatic transition:
    1. Click the Automatic tab and fill in the fields as needed.
      Table 3. Automatic tab fields
      Field Description
      Automatic condition string Conditions for running the business rule that cannot be defined with the condition builder, such as evaluating if the proposed transition is a valid flow. This condition has an [and] relationship with the condition in the Automatic condition field.
      Automatic condition Conditions for running the business rule that can be defined for fields in the target table. This condition has an [and] relationship with the condition in the Automatic condition string field.
      Automatic script Script that performs additional work when the condition is true. This script can do tasks such as update the date and time the transition occurred or notify someone using email when a specific state change occurs. Automatic state transitions occur when changes are made to the task record.
      Business rule Name of the business rule created for this transition. Two conditions must be satisfied before this business rule can run: the task must be on a specific starting state, and the Automatic condition must be true. If both of these conditions are satisfied, the business rule performs the transition requested, using the starting and ending states from the State Flow form.
      Automatic roles The minimum roles required for running the business.
    2. Save the state flow record.
    3. Click Create Business Rule to create the business rule. The business rule executes the script in the Automatic Script field when the conditions are true. For example, a business rule created by the system can set an incident state to Assigned when the Assigned to field is populated. Business rules are automatically deleted when the state flow record is deleted.
  5. To control how specific fields display when a task record changes states:
    1. Click the Field Controls tab and fill in the fields as needed.
      Table 4. Field Controls tab fields
      Field Description
      Mandatory fields Makes the selected fields required when this transition occurs, or when the end state is the current state.
      Read only fields Prevents the selected fields from being edited when this transition occurs, or when the end state is the current state.
      Visible fields Displays the selected fields when this transition occurs, or when the end state is the current state.
      Not mandatory Makes the selected fields optional when this transition occurs, or when the end state is the current state.
      Not read only Makes the selected fields editable when this transition occurs, or when the end state is the current state.
      Not visible Hides the selected fields when this transition occurs, or when the end state is the current state.
    2. Save the state flow record.