Security Operations common functionality Whenever any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Trusted Security Circles) are activated, the Security Support Common plugin is activated. This plugin loads various modules that provide functionality that is common across all Security Operations applications. Note: Only users with the Security Support Common Admin role [sn_sec_cmn.admin] can view and use the Security Operations module. This role is inherited when you are assigned an administrative role in any of the Security Operations applications. Create and define filter groups in Security OperationsCreate and use filter groups to locate records from any table on your instance. For example, you can create a group of all computers by the same manufacturer. You can also filter configuration items (CIs) that have similar vulnerabilities or that fall within a particular subnet IP address range. Shared data transformationThe Security Incident Response, Vulnerability Response, and Threat Intelligence plugins share common features, for relationship data and duplication rules, used to import external and internal information into Security Operations. Security Operations email processingUse Email Processing to set up the integration of information from external detection systems, provide granularity in processing security operations records, handle unmatched emails, and prevent the duplication of records.Security Operations field mappingSecurity Operations tables can be mapped to and from other tables, linking a security incident to a customer service case, or a problem to other parts of the Security Operations application.Security Operations field value transformsTransforms unique customer field values into field values recognized by Security Operations for email parsing, data enrichment, and for tables using field maps. Supports choice fields and references, and transforms external data so that it uses the standard terminology and formatting necessary for your new record. Security Operations enrichment data mappingEnrichment Data Mapping transforms data from XML, JSON, or Properties files to ServiceNow records. Security Operations workflows use enrichment data maps to provide output data to security incidents. Security Operations user-defined escalationYou can create an escalation path for security incidents for issues that requires more attention or expertise. Once you create an escalation group, a button appears on any security incident in that group. Security Operations workflow triggersSecurity Operations workflow triggers contain a condition in a table. All workflows attached to the trigger run when that condition in a record is met. Create domain-separated property overridesWhen you use domain separation, you can create overrides to the existing Security Operations properties that allow you to customize the functions of applications in each of your domains.Set up security tag groups and tagsYou can assign tags to security incidents, response tasks, vulnerable items, observables, IoCs, and security cases to create metadata on the responding record and define who should have access to specific types of security content. The tags can be added to security groups to organize them.Security annotationsA security annotation is a note of explanation or comments added to a configuration item, observable, or on a security incident.Search Security OperationsYou can find information quickly in any Security Operations application using the search icon in the screen header. Zing is the text indexing and search engine that performs all text searches in your instance.Security Operations Integration ReferenceDevelopers and ServiceNow partners can use the information in this section to gain understanding of the under-the-hood functionality of third-party integrations, including development guidelines, integration capabilities, and workflows.Security Operations OrchestrationUsers can interact with and retrieve data from Windows or UNIX-based systems and environments using activity packs and workflows in Security Operations Orchestration. Components installed with Security Support CommonSeveral types of components are installed with Security Support Common. The components provide common functionality for use across the various security applications, such as Security Incident Response.