USE CASE GUIDE

All of the resulting data is reported back to ServiceNow Security Incident Response within seconds and is displayed in the security incident record. Now, a security analyst can view a wealth of information from multiple sources in one place without having to perform manual research. With this information in hand, they can determine the next steps to take in the response process. Perhaps in this case, the next step is to create a firewall block request to prevent malware from exfiltrating data. Again, orchestration can be used by the analyst to create the block request in a couple of clicks without leaving ServiceNow. This saves time and also creates a traceable record as to why the block request was created. You can even choose to fully automate workflows within a response if desired. Security Operations can notify analysts of the steps taken in case they wish to make changes.
