Security incident

The Security Incident command, snsecincident, creates a new Security Incident in your ServiceNow instance.

The example in Figure 1 defines the required parameter, as well as some additional data, and shows the result (no error message) after a successful run.

Figure 1. Search & Reporting for an incident (screenshot: a new search for an incident)
| Parameter | Required | Use |
|---|---|---|
| short_description | Yes | A short, one-line description of the incident. |
| category | No | The category of the security incident. If this category does not exist, it will be created. |
| subcategory | No | The subcategory. If this subcategory does not exist, it will be created. |
| cmdb_ci | No | The affected resource (server or configuration item) for the security incident. Ideally, this will map to an existing CI within ServiceNow. |
| description | No | The longer, detailed description of the incident. |

Many other columns can be used: anything in the Security Incident transform map may be passed as a parameter, and if new columns are added to the security incident table, they may be used here too, as long as they are in the transform map. Some useful columns: location, priority, assignment_group, assigned_to, affected_user, attack_vector, and watch_list.
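The following is an added example, not code from ServiceNow or the Splunk app: a small Python helper that assembles an snsecincident search from a dictionary of parameters, enforces the one required parameter, rejects column names that are not in the transform map, and quotes values so that text taken from an alert cannot break out of its argument. It assumes (not shown on this page) that the command is invoked as a generating search of the form `| snsecincident key="value" key2="value2"`; the exact invocation form, the function names and the sample values are the example's own.

```python
"""Build an `snsecincident` search string from a dict of parameters.

Added example, not ServiceNow's or Splunk's own code. Assumption: the command
is invoked as `| snsecincident key="value" ...`; the page documents the
parameters but not the exact invocation form.
"""
from typing import Dict, Optional, Set

REQUIRED: Set[str] = {"short_description"}

# Parameters documented on the page plus the "useful columns" it lists.
# Any further column must be in the Security Incident transform map, so the
# caller can extend this set via `extra_allowed`.
KNOWN_COLUMNS: Set[str] = REQUIRED | {
    "category", "subcategory", "cmdb_ci", "description",
    "location", "priority", "assignment_group", "assigned_to",
    "affected_user", "attack_vector", "watch_list",
}


def quote_spl(value: str) -> str:
    """Wrap a value in double quotes, escaping backslashes and quotes so that
    attacker-influenced text (an alert title, a hostname from a log) stays a
    single string argument instead of being parsed as further SPL."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_snsecincident(params: Dict[str, str],
                        extra_allowed: Optional[Set[str]] = None) -> str:
    """Return the search string, or raise ValueError on a missing required
    parameter or a column not known to be in the transform map."""
    allowed = KNOWN_COLUMNS | (extra_allowed or set())
    missing = REQUIRED - set(params)
    if missing:
        raise ValueError(f"missing required parameter(s): {sorted(missing)}")
    unknown = set(params) - allowed
    if unknown:
        raise ValueError(f"column(s) not in transform map: {sorted(unknown)}")
    # Required parameters first, then the rest alphabetically, for stable output.
    ordered = sorted(params, key=lambda k: (k not in REQUIRED, k))
    args = " ".join(f"{k}={quote_spl(str(params[k]))}" for k in ordered)
    return f"| snsecincident {args}"


if __name__ == "__main__":
    # Constructed sample values, not real incident data.
    print(build_snsecincident({
        "short_description": "Malware detected on web01",
        "category": "Malware",
        "cmdb_ci": "web01",
        "description": 'EDR alert: "Trojan.Generic" quarantined',
    }))
```

The allow-list mirrors the page's rule that only transform-map columns are accepted; if you add a column to the security incident table and its transform map, pass it in `extra_allowed` rather than widening `KNOWN_COLUMNS` for everyone.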