Course
digicode: SNSIRI
ServiceNow: Security Incident Response (SIR) Implementation
Course facts
- Identifying the goals of Security Incident Response (SIR)
- Understanding and meeting customer goals in an SIR Implementation
- Creating Security Incidents
- Using and configuring dashboards and reports
- Using the MITRE ATT&CK framework in SIR
- Using the Security Incident Response Workspace
- Creating and applying Security Tags
- Identifying Calculators and applying Risk Scores
- Enhancing Process Definitions and Selection
- Completing Post Incident Reviews
- Using SIR Automation Capabilities
1 Security Incident Response Overview and Data Visualization
Starting the course, you will identify the key goals, customer expectations, and components that make up a Security Incident Response program, alongside an overview of data visualization.
2 Security Incident – Form and Field Basic Configurations
This module dives into the essential configurations of the Security Incident form, including its lifecycle, risk calculations, and the use of security tags.
3 Incident Generation Configuration
Configuration for incident generation is explored by looking at the Service Catalog, the parsing of emails, setting up user-reported phishing, and initial integrations.
4 Playbook Configuration - Advanced Configuration
This module covers the advanced configuration of Playbooks and Runbooks in the SIR Workspace, along with implementing Post Incident Reviews and an overview of Now Assist for SecOps.
5 Threat Intelligence Configuration
This module explores Threat Intelligence, with a general overview and the configuration of the MITRE ATT&CK framework.
6 Integrations supporting ServiceNow’s Security Incident Response
Next, attention shifts to integrations by discussing the ServiceNow Store, various use cases, the Capability Framework, and instructions on creating custom integrations.
7 Other Supporting SecOps Applications
Lastly, the course concludes with an overview of Major Security Incident Management, the Threat Intelligence Security Center, and the Data Loss Prevention Application.
In this two-day interactive course, you will work directly on the ServiceNow platform using your personal training instance preloaded with practical test data. Through a continuous scenario, you will simulate real-world situations and learn how to handle them efficiently.
This course is designed for anyone working on the implementation of Security Incident Response (SIR) in ServiceNow, particularly:
- Process owners who strategically drive their respective business areas.
- Technical consultants and administrators who configure, develop, or support SIR applications.
- IT project, program, or engagement managers who lead the implementation of SIR in ServiceNow.
- Operations managers who oversee business processes supported by SIR.
Take a look at the «Welcome to ServiceNow» and «Get Started with Now Create» courses, which you can attend on demand.
Additionally, we recommend attending the following courses beforehand:
Upon completion of the course, ServiceNow recommends gaining at least two to three months of practical experience before taking the «Certified Implementation Specialist – Security Incident Response (CIS-SIR)» exam. This ensures that you consolidate your knowledge and are optimally prepared.
Detailed information regarding the exam process can be found in the official Exam Blueprint. By successfully passing the certification, you officially demonstrate your expertise as a «Certified Implementation Specialist – Security Incident Response (CIS-SIR)».