
Welcome to the ServiceNow Security Operations Course. In this course you will learn how Vulnerability Response, Security Incident, and Threat Intelligence work. Thank you for purchasing this class. I hope that this class is helpful and that you learn a lot of great things about ServiceNow Security Operations. This is not an official ServiceNow class.
Learn how to get your own copy of a free ServiceNow developers instance.
Here are a couple of sources of additional information:
https://docs.servicenow.com/
https://community.servicenow.com
Learn how to activate plugins in Madrid
Not all ServiceNow plugins can be activated from the tool. In this video I will show you how to activate plugins that are not found in the plugin list.
If you are unable to activate plugins in Madrid, then you can get a ServiceNow instance in Kingston or London. It is a lot easier to activate plugins in Kingston and London. If you want, after activating the plugins you can request that your instance be upgraded to Madrid.
Learn how to create a user and group in ServiceNow, and how to assign the security operations admin roles to those users/groups.
In this video we will cover the basics and look into the different modules that make up the Security Operations application.
In this video we will cover the basics of the Vulnerability Response application and how each module interacts with each other.
Learn the difference between each of the Vulnerability Response roles, how to assign roles to groups, and how to create a new group.
Learn how to set up and use some of the Vulnerability Response integrations. We will cover the following integrations:
Qualys
Rapid7
Shodan
Microsoft Solution Management
NVD
We will deep dive into how the vulnerability remediation life-cycle works and how we can ensure that users don't close tickets prematurely.
Learn how users can request vulnerability extensions and exceptions. Also you will learn what happens after an extension or exception has been approved.
See how the vulnerability exception workflow works and how we could edit it to fit our own needs. Also we will look at creating a new workflow for vulnerability response.
In this video you will learn about the different out of the box dashboards and reports for Vulnerability Response. We will also build a new dashboard and show how to create a new report.
Learn about the different tables that make up Vulnerability Response and see how to create a new application menu option.
Learn about various Business Rules, Client Scripts, Script Includes, UI Actions, UI Policies, and ACLs that make up the Vulnerability Response application.
This is the end of our series of videos on Vulnerability Response. Thanks for watching!
In this video we will cover the basics of the Security Incident Response application and how each module interacts with each other.
In this video we will begin our walkthrough of the Security Incident Setup Assistant, which will guide us on properly setting up Security Incident Response.
Topics covered are:
Roles and Groups
Integrations
Escalations
In this video we will continue to walk through the Setup Assistant as we configure Security Incident Response.
Topics covered are:
Calculator Groups
Risk Scores
SLAs
Process Definitions
Process Selection
Post Incident Review Assignment Rules
Security Incident Configuration
Once again we will work through the Setup Assistant, so we can set up some automation in the Security Incident Response application.
Topics covered are:
Email Parsing Inbox
Email Parsers for Alert Ingestion
Email Matching User-Reported Phishing
Inbound Email Actions
Runbooks
Workflows and Triggers
There is a lot of setup with the Setup Assistant, but this is the last video around the Setup Assistant. We will cover the capability configurations.
In this video we will show you how to change administration settings using the Administration module.
In this video you will learn about the Security Incident Catalog that is available for all ServiceNow users. The catalog allows any ServiceNow user the ability to submit a potential security incident or request.
Learn why we need to have an accurate CMDB and why we need to capture information and attributes about our Configuration Items. Also learn how to add new fields and information to a Configuration Item.
Learn how to set up and use the Splunk integration for sending Splunk alerts to ServiceNow. We will also cover how to set up various other integrations for Security Incident. Many of the integrations that we will set up for Security Incident will also be used for Threat Intelligence.
In this video we are going to walk through a security incident, from time of detection to closing the security incident. We will show various workflows and how sub tasks can be created automatically or manually for other groups to take care of issues that arise from a security incident. Also we will do a walk through of the new Incident (New UI).
Learn how to add and/or remove security incident categories and subcategories.
In this video you will learn about the different out of the box dashboards and reports for Security Incident Response. We will also build a new dashboard and show how to create a new report.
Learn about the different tables that make up Security Incident Response and see how to create a new application menu option.
Learn about various Business Rules, Client Scripts, Script Includes, UI Actions, UI Policies, and ACLs that make up the Security Incident Response application.
This is the end of our series of videos on Security Incident Response. Thanks for watching!
In this video we will cover the basics of the Threat Intelligence application and how each module interacts with each other.
Learn how to set up the Threat Intelligence administration and see what information comes out of the box.
Learn the difference between each of the Threat Intelligence roles, how to assign roles to groups, and how to create a new group.
Learn about the information in the IoC Repository, such as Attack Modes/Methods, Indicators, and Observables. Also learn how to add new data automatically and manually.
In this video we will take a look at the data that comes into External Intelligence and how it gets there.
In this video we will learn about the threat sources and what they do. We will also add a new threat source and see what data comes into ServiceNow.
Learn how Threat Intelligence data is used in Security Incident Response, along with running some of our Threat Intelligence integrations.
In this video you will learn how to build a Threat Intelligence dashboard and how to create a new report. There are no out of the box dashboards for Threat Intelligence.
In this video we will learn about what Security Case Management is, how it works, how we can build cases, and the benefits of creating security cases.
Learn about the different tables that make up Threat Intelligence and see how to create a new application menu option.
Learn about various Business Rules, Client Scripts, Script Includes, UI Actions, UI Policies, and ACLs that make up the Threat Intelligence application.
This is the end of our series of videos on Threat Intelligence. Thanks for watching!
Thank you for purchasing and watching this course! I hope that the information we covered was helpful and that you learned a lot about how ServiceNow Security Operations works.
Learn how to obtain and manage your own ServiceNow Personal Developer Instance (PDI), including signing up, requesting an instance, upgrading releases, activating plugins, and keeping the sandbox refreshed.
Learn to upgrade your ServiceNow instance by selecting upgrade, applying the Vancouver patch zero-click upgrade, and awaiting the update, with email notifications when it finishes.
Learn to customize personal preferences and switch between the new and classic UI in ServiceNow, including dark mode, date format, time zone, and page layout via a global system property.
Learn how to use the Automated Test Framework (ATF) in ServiceNow to impersonate users, build test steps and suites, and run end-to-end security incident tests with automatic rollback.
Export 10,000 vulnerable items as XML from one ServiceNow instance and import into another, then use a fixed script to bulk delete records if configuration item SIDs don't match.
Learn how to manage application vulnerable items in ServiceNow, including scanning with Veracode and Fortify, assignments, remediation tasks, and configuring the application vulnerability response workflow.
Explore configuration compliance within vulnerability response, including test results, risk scoring, policy-based exceptions, and Qualys integrations for automation, while distinguishing it from vulnerable items.
Explore the container vulnerabilities workflow in the ServiceNow security operations course, from overview dashboards and Docker images to remediation tasks, exceptions, and Prisma Cloud Compute integrations.
Import a spreadsheet via manual upload to create vulnerability items, map severities, and align with the CMDB using CI lookup rules and NVD data, then route items by assignment rules.
Explore patch management in ServiceNow, configuring patch updates, deploying patches to devices via remediation tasks, and scheduling patches for Microsoft vulnerabilities, even when integrations aren’t configured yet.
Learn how vulnerability remediation target rules determine remediation dates by using fields like last opened, first found, last found, or created, and manage rules such as critical seven day rule.
Explore the IT remediation workspace in ServiceNow to manage vulnerability tasks, assign them, review solutions and patches, and initiate configurable exception requests or false positives with a built-in questionnaire.
Learn vulnerability exception management in ServiceNow security operations, configure policy and vulnerability response exceptions, set durations, design risk questionnaires, and navigate approval workflows and flow designer.
Understand the vulnerability response workflow in ServiceNow, from remediation tasks and false positives to approvals, deferrals, and change requests, with guidance on vulnerability items and scanning integration.
Execute a pen test assessment request workflow in ServiceNow, capturing base details, assignments, scope, and findings to drive remediation of application vulnerabilities.
Update the security incident response plugin using the new app manager, diagnose a Vancouver-specific installation error, and resolve it by switching to the classic plugin manager to complete the update.
Explore the security incident new UI, compare with workspaces, and learn to use quick filters, a one-ticket view, and integrated threat lookup for faster decisions.
Learn to troubleshoot ServiceNow state changes by watching a field to identify which business rule, ACL, or script blocks state transitions, and use this debug workflow to resolve issues.
Learn to customize the security incident state flow by editing ServiceNow process definitions and script includes, controlling transitions among draft, analysis, open, recover, contain, eradicate, and close.
Set up the VirusTotal integration in ServiceNow to perform real-time threat lookups on observables and security incidents, using a public or enterprise API key.
Configure a TAXII profile and AlienVault OTX threat feed in ServiceNow, enabling daily discovery and REST message integration. Import observables, and verify indicators with VirusTotal to enrich threat intelligence.
Learn to configure MITRE TAXII profiles in ServiceNow, enable threat intel data imports from multiple feeds, and relate attack patterns, tactics, and mitigations to security incidents for faster response.
Welcome to the Ultimate ServiceNow Security Operations course! Within this course you will learn how to use and begin to configure Vulnerability Response, Security Incident Response, and Threat Intelligence applications. You will also learn how to configure various security tools with ServiceNow. If you do not have a ServiceNow instance to practice on then don't worry, we will walk you through the steps to get your own FREE ServiceNow Developers instance. This course was made using the Madrid version of ServiceNow, but a lot of the features and items we discuss are also available on Kingston and London.
Updated videos have been added for Utah 2023 to show new functionality in Vulnerability Response, Security Incident Response and Threat Intelligence, along with general ServiceNow features. Make sure to get your ServiceNow Personal Developer Instance ASAP, as ServiceNow may not have one available at the moment. Also, don't forget to refresh your instance every ten days, otherwise you risk your instance being reclaimed.