How can you speed up Incident Response on ServiceNow for Automated Enrichment of security incidents using Threat Intelligence ?

How can you speed up Incident Response on ServiceNow for Automated Enrichment of security incidents using Threat Intelligence ?

February 19, 2021
Profile Icon

Jason Franscisco

Today, most enterprise customers have a manual Swivel-Chair Enrichment processes where Level 1 or Level 2 incident handlers within the security operation center are Swivel-Chairing and logging into external systems. An example is to perform observable look up in RecordedFuture or an IOC look up in VirusTotal or CrowdStrike and so on.

To help SOC analysts to automatically enrich newly created security incidents, Loginsoft has built the integration for Thirdparty Intelligence source with ServiceNow which now allows a Level 1 or Level 2 incident handlers to speed up incident response by performing automatic Threat Lookups, observable lookups, get network statistics and so on for a particular endpoint.

Use Cases Developed for the Integration:

  • Perform Manual enrichment by adding observables manually to the Security Incident form and launching workflows.
  • Build enrichment app that enables the automatic lookup of artifacts added to incidents.
  • Run Automatic enrichment lookups on selected observables upon incident creation.
  • Perform threat enrichment on observables to find out if any security threats.
  • Run Threat Lookup to perform a lookup on more than one observable.
  • Run Threat Lookup related link to perform a lookup on single observable.
  • Feed Ingestion
  • With Feed Fetch Interval, the ingested observable can be created as a new security incident then the enriched data for that IOC will automatically added to the created incident.

Automatic Enrichment

In the below case, IP address is automatically parsed and shown as Malicious from a Threat Intelligence source by performing Automatic Threat Look Up.

Automatically Enriched Observable for a Security Incident
IP Address shown as Malicious IP

Manual Enrichment

The Threat Lookup Results shows from Two Threat Intelligence Sources, VirusTotal and RecordedFuture in the sample image below.

Results shown from Threat Intelligence sources.

Manual Enrichments

Similarly, SOC Analyst can do a Manual Look Up Observable for a Security incident by selecting the configured Sources available.

Manual Enrichment of Observables from Sources configured.

Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 20 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media, and more have come to rely on Loginsoft as a trusted resource for technology talent. From startups, to product and enterprises rely on our services. Whether Onsite, Offsite, or Offshore, we deliver. With a track record of successful partnerships with leading technology companies globally, and specifically in the past 6 years with Cybersecurity product companies, Loginsoft offers a comprehensive range of security offerings, including Software Supply Chain, Vulnerability Management, Threat Intelligence, Cloud Security, Cybersecurity Platform Integrations, creating content packs for Cloud SIEM, Logs onboarding and more. Our commitment to innovation and expertise has positioned us as a trusted player in the cybersecurity space. Loginsoft continues to provide traditional IT services which include Software development & Support, QA automation, Data Science & AI, etc.

Expertise in Integrations with Threat Intelligence and Security Products: Built more than 250+ integrations with leading TIP, SIEM, SOAR, and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar & Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet, and so on. Loginsoft is a partner with industry leading technology vendors Palo Alto, Splunk, Elastic, IBM Security, etc.

In addition, Loginsoft offers Research as a service: We're more than just experts in cybersecurity; we're your accredited in-house research team focused on unraveling the complexities of cybersecurity and future technologies. From Application Security to Threat Research, our seasoned professionals have cultivated expertise in every facet of the field. We've earned the trust of over 20 security platform companies, who count on our research and analysis to strengthen their cybersecurity solutions.

Interested to learn more? Let’s start a conversation.

Book a meeting


Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter