Get a Demo
Smart SOAR Integration Spotlight: ServiceNow

Automated Incident Response with ServiceNow and Smart SOAR

Pierre Noujeim
Chapters
Automated Ticket Creation and Ongoing ManagementSecurity Incident ManagementRequest and Requested Item ManagementTakeaway

Effective IT service management is often determined by the speed and efficiency of response mechanisms. This article delves into how Smart SOAR’s integration with ServiceNow enhances various aspects of ITSM (information technology service management) through a suite of automated commands.

Automated Ticket Creation and Ongoing Management

For teams dealing with a high volume of IT issues, automating the ticket creation and status updates throughout an investigation can save hundreds of manual tasks throughout the week. This workflow makes it easy to generate ServiceNow tickets based on real-time events and update them as the incident severity and status changes.

Smart SOAR workflow for automated ticket creation and ongoing management using ServiceNow

Playbook Steps

  1. Create Ticket: Automatically generate a ServiceNow ticket based on the event details.
  2. Update Ticket Severity: To keep both platforms in sync, this command monitors the Smart SOAR incident severity and changes the ServiceNow ticket to reflect changes in real-time.
  3. Update Ticket Status: When the incident is closed in Smart SOAR, an update is made in ServiceNow to change the ticket status.

Read: Bi-Directional Sync with ServiceNow and Smart SOAR

Security Incident Management

Security incidents require immediate attention and a structured approach for effective resolution. This workflow focuses on updating security incidents with relevant events as they enter Smart SOAR.

Smart SOAR workflow for security incident management using ServiceNow

Playbook Steps

  1. Fetch Event: Capture events that are flagged as security incidents.
  2. Query Security Incidents: List existing security incidents to avoid duplication.
  3. Update Security Incidents: Update the incident record with new information or status.

Request and Requested Item Management

Handling service requests in a large organization can be cumbersome. This workflow aims to streamline the process by automating the creation and management of service requests and associated items within ServiceNow.

Smart SOAR workflow for requested item management using ServiceNow

Playbook Steps

  1. Get User Details: Retrieve details of the user making the request.
  2. Create Request: Generate a new service request based on user needs.
  3. Create Requested Item: Add specific items to the service request.
  4. Update Requests: Update the status and details of the service request as it progresses.

Takeaway

The Smart SOAR and ServiceNow integration brings a new level of efficiency to IT service management. By automating key tasks such as ticket creation, incident management, and request handling, IT teams can direct their focus towards resolution and strategic activities, thereby enhancing operational efficiency.

Pierre Noujeim

Pierre Noujeim is an Incident Response Researcher with a cyber security engineering background. Having implemented SOAR at enterprise organizations as well as for D3’s MSSP partners, Pierre has rich and varied insight into integrations, use cases and the cyber security vendor landscape. Pierre also represents D3 at analyst briefings, webinar workshops and industry conferences such as RSA and Black Hat.

Powering the World’s Best SecOps Teams

From bespoke MDR firms to the world’s largest brands and companies.

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.

Get Started