Automated Incident Response with ServiceNow and Smart SOAR

Effective IT service management is often determined by the speed and efficiency of response mechanisms. This article delves into how Smart SOAR’s integration with ServiceNow enhances various aspects of ITSM (information technology service management) through a suite of automated commands.

Automated Ticket Creation and Ongoing Management

For teams dealing with a high volume of IT issues, automating the ticket creation and status updates throughout an investigation can save hundreds of manual tasks throughout the week. This workflow makes it easy to generate ServiceNow tickets based on real-time events and update them as the incident severity and status changes.

Playbook Steps

1. Create Ticket: Automatically generate a ServiceNow ticket based on the event details.
2. Update Ticket Severity: To keep both platforms in sync, this command monitors the Smart SOAR incident severity and changes the ServiceNow ticket to reflect changes in real-time.
3. Update Ticket Status: When the incident is closed in Smart SOAR, an update is made in ServiceNow to change the ticket status.

Security Incident Management

Security incidents require immediate attention and a structured approach for effective resolution. This workflow focuses on updating security incidents with relevant events as they enter Smart SOAR.

Playbook Steps

1. Fetch Event: Capture events that are flagged as security incidents.
2. Query Security Incidents: List existing security incidents to avoid duplication.
3. Update Security Incidents: Update the incident record with new information or status.

Request and Requested Item Management

Handling service requests in a large organization can be cumbersome. This workflow aims to streamline the process by automating the creation and management of service requests and associated items within ServiceNow.

Playbook Steps

1. Get User Details: Retrieve details of the user making the request.
2. Create Request: Generate a new service request based on user needs.
3. Create Requested Item: Add specific items to the service request.
4. Update Requests: Update the status and details of the service request as it progresses.

Takeaway

The Smart SOAR and ServiceNow integration brings a new level of efficiency to IT service management. By automating key tasks such as ticket creation, incident management, and request handling, IT teams can direct their focus towards resolution and strategic activities, thereby enhancing operational efficiency.

Pierre Noujeim

Pierre Noujeim is a Product Marketing Manager with a cyber security engineering background. Having implemented SOAR at enterprise organizations as well as for D3's MSSP partners, Pierre has rich and varied insight into integrations, use cases and the cyber security vendor landscape. A dedicated product marketer, Pierre represents D3 at analyst briefings, webinar workshops and industry conferences such as RSA and Black Hat.

• linkedin
• email
• book a demo

Why Smart SOAR is the Best SOAR for Slack

What’s New in Smart SOAR (November 2023 Release)