UUSE CSE CAASE GUSE GUIIDDEE Use playbooks and integrations to A number of accelerate security incident response playbooks, subflows, and actions are Speed is critical when it comes to security incidents. We’ve covered how automation included with can help reduce the amount of work security analysts need to do while also driving ServiceNow Security efficiencies and helping them respond faster. Security Incident Playbooks are another tool to help increase the effectiveness of your security analysts, especially those who Incident Response. are newer to the organization or early in their career. Playbooks provide step-by-step You can configure guidance to remediate common security threats. A phishing example these or create new A number of playbooks, subflows, and actions are included with ServiceNow Security playbooks quickly Incident Response. You can configure these or create new playbooks quickly and and easily without easily without code using Flow Designer, a Now Platform feature for automating code using Flow processes using natural language. Here’s a phishing example to show how playbooks and integrations accelerate security response. Designer, a Now An employee forwards a suspicious email to [email protected], a specific Platform feature mailbox set up by their organization’s security team to direct the email to their for automating ServiceNow instance. The instance then parses the attached .eml file and compares it against email matching rules that have been created in advance to determine if processes using it’s a potential phish. If so, a security incident is created that includes an attached natural language. copy of the email. Any security observables or Indicators of Compromise (IoCs) are automatically submitted to third-party threat intelligence vendors to determine if Here’s a phishing the email is malicious. The observables and threat lookup results are then visualized example to show in the security incident overview. how playbooks and integrations accelerate security response. 55