
Security Incident Response - Get Running Services workflow

The Security Incident Response - Get Running Services workflow retrieves a list of running services from Windows-based ServiceNow configuration items (CIs). This workflow is used for incident enrichment during investigations.

Before you begin

Role required: sn_si.analyst

About this task

The Security Incident Response - Get Running Services workflow runs automatically when you add a new configuration item to a Windows security incident after the state changes to Analysis. The information this workflow obtains appears on the Show Enrichment Data tabs for the security incident.

Note: If the security incident remains in the Draft state, the Security Incident Response - Get Running Services workflow does not run.
Workflow activities include:
[Figure: Security Incident Response - Get Running Services workflow diagram]

Procedure

  1. Open a security incident.
  2. Update the State to Analysis, if necessary.
  3. Add a Windows-based configuration item (server, laptop, or similar).
  4. Click Update.
    Security Incident Response provides running services information in the Related Links > Security Incident Enrichments tab. For more information, see Security Operations enrichment data mapping.
