PARTNER INTEGRATION

ServiceNow

Visit their site

ServiceNow (NYSE: NOW) is making the world of work, work better for people. Our cloud-based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and the enterprise.

Integrated Dataminr Products
Agentic Threat Intelligence Platform
Continuous Control Monitoring with Risk Quantification
Investigation Insights

Continuous Control Monitoring with Risk Quantification (RQ) App for ServiceNow GRC

The Continuous Control Monitoring with Risk Quantification (RQ) App for ServiceNow GRC natively integrates the data-driven, AI-powered cyber risk quantification capabilities of the Dataminr Continuous Control Monitoring with Risk Quantification (RQ) Platform directly in ServiceNow GRC, enabling CISOs and their teams to define the impact of cyber risks in financial terms, enabling effective communications and decision-making with business stakeholders, executives, and directors.

Dataminr RQ is the only cyber risk quantification tool that combines high-fidelity data with AI-powered analytics to produce defensible financial impact estimates of cyber risks. ServiceNow GRC benefits from Dataminr RQ’s approach to supporting various use cases, such as performing cyber risk assessments with quantitative results, measuring the financial risk exposure from the security control compliance state in ServiceNow GRC, and understanding the financial loss mitigation opportunities associated with control improvements.

This app can be found in the ServiceNow store here.

Key Features

ServiceNow customers will be able to seamlessly calculate their financial risk to cyber attacks and see which controls should be improved based on the greatest financial risk.

Requirements

System Requirements

GRC: Profiles
GRC: Policy and Compliance Management
GRC: Risk Management
GRC: Advanced Risk

servicenow risk quantifier app RQ mitigations

ServiceNow Playbook

The ServiceNow Playbook App provides users with a set of actions to work with ServiceNow table records and attachments. These actions provide the key building blocks for automating processes between Dataminr and ServiceNow. The following actions are available:

  • List Table Records
  • Get Table Records
  • Create Table Records
  • Update Table Records
  • Add Attachment

This app can be found in the Dataminr App Catalog under the following name: ServiceNow

ServiceNow Orchestration

The Dataminr Activity Pack provides a set of activities that can be leveraged from ServiceNow Orchestration workflows to interact bidirectionally with Dataminr’s API and Playbooks. These activities provide a broad set of functionality that can be used for automating processes associated with security operations and incident response. Think of it as predetermined automation actions that will allow ServiceNow analysts like you to interact with Dataminr in a variety of ways:

  • Create Dataminr Incident – This activity creates an Incident in Dataminr
  • Create Dataminr Indicator – This activity creates an Indicator in Dataminr
  • Get Dataminr Incident – This activity retrieves an Incident from Dataminr
  • Get Dataminr Indicator – This activity retrieves an Indicator from Dataminr
  • Filter Dataminr Indicators – This activity retrieves multiple Indicators from Dataminr
  • Dataminr API Client – This activity provides general-purpose access to the Dataminr API
  • Run Dataminr Playbook – This activity triggers a Dataminr Playbook with an HttpLink Trigger

This app can be found in the ServiceNow store under the name: Dataminr Activity Pack for Orchestration

*This app now supports Q version

ServiceNow Security Operations

The Dataminr app for ServiceNow Security Operations provides Threat Lookup and Observable Enrichment capabilities against Dataminr intelligence and analytics collections. These features give analysts working inside ServiceNow the information they need to get relevant and actionable insights from intelligence sources within the Dataminr Platform. The app contains the following actions:

  • Enrich Observables
  • Provides detailed context from Dataminr in an enrichment table
  • Perform Threat Lookups
  • Produces Malicious or Unknown Rating automatically

This app can be found in the ServiceNow store under the name: Dataminr for Security Operations

ServiceNow SIR with Investigation Insights

Investigation Insights’s ServiceNow Security Incident Response (SIR) Integration allows the lookup of ServiceNow security incidents (e.g. SIR00000012), and Observables including IP addresses, CVE’s, web domains, file hashes and e-mail addresses against your instance of ServiceNow. Enabling analysts to quickly understand what security incidents there are, the status of those incidents, and how indicators are related to the security incidents.

ServiceNow with Investigation Insights

The Investigation Insights – ServiceNow integration enables analysts to quickly search indicators and tickets in ServiceNow to have immediate awareness on where an indicator or ticket is in process. Allowing analysts to quickly have a complete picture of where in process something and how that indicator might be effecting their network.

The ServiceNow integration is customizable to work for any companies workflow. If there are additional tables or fields that are required.

Examples

ServiceNow Data Overview

  • Summary Tags: When an analyst runs a ticket search in ServiceNow, they can quickly see the status of the ticket. If an analyst is searching for a domain or an IP then the analyst will know the number of associated tickets.
  • Ticket Details: When an analyst clicks to view the details, they can quickly look at the ticket information. They can find information about the criticality, descriptions, when it was opened etc.
  • Opened Information: Analysts can also see who opened the ticket to get an understanding of the urgency.
  • Assigned Information: Analysts can also understand who the ticket is assigned to understand if anyone is currently working on it.

Looking for Integration Not Shown

Contact Us