Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Edit a security incident observable list

Edit a security incident observable list

You can edit which observables in the list associated with a security incident to display.

Before you begin

Role required: sn_si.basic

Procedure

  1. Navigate to Security Incident.
  2. Choose an incident.
  3. Click Security Incident Observables related list tab.
  4. Click Edit.
  5. Add or remove observables from the list. Create a filter for long lists.
    Edit observables list example
  6. Click Save.
    Note: When you add an observable to the security incident, the system checks for any other configuration items or users associated with it. The Related Configuration Items and Related Users related list tabs are updated accordingly. Also, if the Threat Intelligence plugin is activated, and you have at least one integration implementation activated, the Security Operations Integration - Threat Lookup capability executes one or more workflows, and threat security lookups are performed on the observables you added. The results appear in the Threat Lookup Results tab.