
Security Incident Response properties

Security Incident properties allow you to configure how certain aspects of Security Incident Response function.

Security Incident Response adds the following properties.
Table 1. Security Incident properties
Property Usage
Default start time for all agents when no schedule is set, formatted as 08:00

sn_si.default.start.time

  • Type: string
  • Default value: 08:00
  • Location: Security Incident > Administration > Properties
Default end time for all agents when no schedule is set, formatted as 17:00

sn_si.default.end.time

  • Type: string
  • Default value: 17:00
  • Location: Security Incident > Administration > Properties
Include Destination type observables along with other context type observables in the security incident user and CI relationships

sn_si.link_dest_ip

Determines whether a security incident observable with a context type of Destination is displayed under the Configuration Items or Affected Users tabs. By default, observables with a Destination context type are excluded. To include these observables, choose Yes.
Allow customization when creating a Problem or Change Request from a Security Incident

sn_si.popup

When a problem or change is created, this property opens a pop-up window to modify the request.

If set to false, the problem or change request has the same priority, short description, and description as the security incident without the option to add or edit those fields.

  • Type: true | false
  • Default value: true
  • Location: Security Incident > Administration > Properties
Associate Sightings Search results with CIs in the CMDB.

sn_si.associate_ci_with_sighting_search

When set to true, sightings search results include associated configuration items that are in your CMDB.
  • Type: true | false
  • Default value: true
  • Location: Security Incident > Administration > Properties
Risk score in the range will be highlighted green, formatted as 0 - 49

sn_si.risk.score.green

In the Security Incidents list, security incidents with a risk score between 0 and 49 are marked with a green dot.
Risk score in the range will be highlighted orange, formatted as 50 - 79

sn_si.risk.score.orange

In the Security Incidents list, security incidents with a risk score between 50 and 79 are marked with an orange dot.
Risk score in the range will be highlighted red, formatted as 80 - 100

sn_si.risk.score.red

In the Security Incidents list, security incidents with a risk score between 80 and 100 are marked with a red dot.
This parameter enables or disables Sightings Search Configurations that have implemented this feature.

sn_si.enable_sighting_search

When set to true, sightings searches can be performed on activated integrations.
  • Type: true | false
  • Default value: true
  • Location: Security Incident > Administration > Properties
The number of rows of raw data that will be saved when a Sighting Search is performed. Range 0 - 100

sn_si.sighting_search_raw_data_rows

This property defaults to 50 rows of raw data. Half of the result rows are reported from the beginning of the search time frame and half from the end of the search time frame. So, if you select 50 rows, 25 come from the start of the search time frame and 25 from the end of the search time frame.
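
The three risk score properties above each hold a range written as "lo - hi". The following is an added example, not ServiceNow code: it audits a set of those property values so that every score from 0 to 100 falls in exactly one color band. The function names and the sample values object are assumptions made for illustration.

```javascript
// Added example (hypothetical helpers): audit the risk-score band properties.
const BAND_PROPS = {
  green: 'sn_si.risk.score.green',
  orange: 'sn_si.risk.score.orange',
  red: 'sn_si.risk.score.red',
};

// Parse "0 - 49" into { lo: 0, hi: 49 }; return null for anything else.
function parseBand(value) {
  const m = /^\s*(\d{1,3})\s*-\s*(\d{1,3})\s*$/.exec(String(value));
  if (!m) return null;
  const lo = Number(m[1]);
  const hi = Number(m[2]);
  return lo <= hi && hi <= 100 ? { lo, hi } : null;
}

// Return a list of findings. An empty list means every score 0..100
// is covered by exactly one band.
function auditRiskBands(props) {
  const findings = [];
  const bands = {};
  for (const [color, name] of Object.entries(BAND_PROPS)) {
    const band = parseBand(props[name]);
    if (band) bands[color] = band;
    else findings.push(`${name}: not in "lo - hi" form within 0 - 100`);
  }
  for (let score = 0; score <= 100; score++) {
    const hits = Object.keys(bands).filter(
      (c) => score >= bands[c].lo && score <= bands[c].hi
    );
    if (hits.length === 0) findings.push(`score ${score}: no band`);
    if (hits.length > 1) findings.push(`score ${score}: ${hits.join('+')}`);
  }
  return findings;
}

// Constructed sample: the ranges shown on this page, then an edit with a gap.
const defaults = {
  'sn_si.risk.score.green': '0 - 49',
  'sn_si.risk.score.orange': '50 - 79',
  'sn_si.risk.score.red': '80 - 100',
};
const edited = { ...defaults, 'sn_si.risk.score.orange': '55 - 79' };
console.log(auditRiskBands(defaults), auditRiskBands(edited));
```
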
Assignment properties for Security Incident Response
Location Weight

sn_si.location.weight

A rating used when calculating the criteria to use for auto-assigning a security analyst. If, for example, location is considered for a task, the location weight value is added to the security analyst rating.
  • Type: integer
  • Default value: 10
  • Location: Security Incident > Administration > Properties
Skills Weight

sn_si.skills.weight

A rating used when calculating the criteria to use for auto-assigning a security analyst. If, for example, skills are considered for a task, the skills weight value is added to the security analyst rating.
  • Type: integer
  • Default value: 10
  • Location: Security Incident > Administration > Properties
Set the maximum number of security analysts that are processed by auto-assignment at a time

sn_si.max.agents.processed

The system has an absolute limit of 300 security analysts. If you specify more than 300, the system sets the value to 300. The system cannot auto-dispatch a task for a dispatch group that contains more security analysts than the value configured.
  • Type: integer
  • Default value: 100
  • Location: Security Incident > Administration > Properties
Time Zone Weight

sn_si.timezone.weight

A rating used when calculating the criteria to use for auto-assigning a security analyst. If, for example, the security analyst time zone is considered for a task, the time zone weight value is added to the security analyst rating.
  • Type: integer
  • Default value: 10
  • Location: Security Incident > Administration > Properties
Amount of time (in minutes) to add between the end of a task and the travel start of the next.

sn_si.work.spacing

An example of a valid time value is 10.
  • Type: integer
  • Default value: 0
  • Location: Security Incident > Administration > Properties