Scan for incorrect security definitions
- Updated Aug 1, 2024
- Xanadu
- Platform Security
Run the Auditor to scan your instance and find incorrect security definitions. It provides findings you can correct to help improve the security posture of your instance.
Instance Security Center (ISC) has reached the end of sales as of September 2024, and is no longer supported or available for new activation.
ServiceNow Security Center (SSC) is the recommended solution going forward. For more information, see Instance Security Center to ServiceNow Security Center migration.
The Auditor performs a “full-body” assessment of your instance health that analyzes your system configuration. For security scans, it compares your current security configuration to best practice definitions, and to security property compliance values.
- Are the appropriate security-related properties set?
- Is the High Security plugin enabled?
- Do the right access control rules exist?
Run the Auditor and analyze scan results
- To run the Auditor, click Audit on the Instance Security Center home page.
- When it completes, open Scan Results to review and analyze the security findings.
- To review the detail for a specific scan result, double-click the result number. This information includes its status, scan type, execution time, and error messages.
- Each of the Auditor findings contains resolution details, and a URL to product content about how to address them. Follow the documented guidelines to resolve the issues in each of the findings.
Related Content
- Instance Security Center to ServiceNow Security Center migration
Learn the key differences when migrating from Instance Security Center (ISC) to ServiceNow Security Center (SSC).
- Monitor security events
Analyze the event metrics in your instance so that you can identify and prevent potential security events.
- Check the daily compliance score and configure security property settings
Review the Daily Compliance Score metric and security configuration properties to see if your instance complies with the suggested security requirements. You can affect the daily compliance score by updating non-compliant security properties in the Hardening Compliance Configurations page.
- Monitor instance metrics
Monitor user, export, authentication, email, and antivirus metrics for your instance. For example, you can monitor your email security by checking metrics for spam, external emails, and inbound emails from untrusted and trusted domains for your instance. Analyze these metrics to look for anomalous security behaviors that are related to activities that take place in your instance.
- Activate the ISC Virtual Agent interface
If you have the admin role, you can activate the ISC Virtual Agent Conversations plugin (com.glide.isc_virtualagent). Activating this plugin installs the Virtual Agent and Natural Language Understanding (NLU) content packs, providing Virtual Agent access from the Instance Security Center.
- Hardening settings
The ServiceNow, Inc. Security Center hardening settings content contains detailed descriptions and compliance values for the security-related system properties and plugins in the ServiceNow AI Platform. You can set these properties using the hardening settings app in the Security Center.
- Enable High Security Plugin [Updated in Security Center 1.3]
When you activate the High Security plugin, it creates or updates hundreds of different configurations to control the level of security on your instance. These configurations mitigate many of the top OWASP attacks by enabling strict access control, input validation, and output encoding.
- Access Control List Rules
Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.