The DeCYFIR app for ServiceNow offers technology leaders much-needed insights into their external threat landscape, arming them with crucial intel to take remedial actions before a cyber attack occurs. With DeCYFIR, cyber security teams receive specific insights related to hackers, motives, campaigns, and methods. The intel from DeCYFIR is unlike generic feeds: the insights are tailored to your industry, geolocation, and technology stack, ensuring the data in your ServiceNow telemetry is always relevant and up to date. With the DeCYFIR for ServiceNow app, the team gains exponential efficiency by acquiring the capability to scale security across the organisation, including people, process and technology.
- A scheduler job which polls for alert data using Cyfirma’s API at fixed intervals, based on Categories and Subcategories
- A custom alert table within ServiceNow to ingest the alert data
- A business rule to check whether an Alert already has an associated incident in ServiceNow; if not, it creates a new Incident in the incident table within ServiceNow
- A list for viewing the alert data from the custom alert table. This is associated with the incident form to view the alerts related to each incident
- In-built Reports
- Count of alerts for each category and corresponding subcategory
- Ability to view 1 month of alert data per category
CYFIRMA DeCYFIR application 3.7 for ServiceNow achieves the following key targets:
● CYFIRMA Attack Surface sub categories data ingestion
● CYFIRMA Digital Risk sub categories data ingestion
● CYFIRMA Dashboard tab will additionally show data for Attack Surface and Digital Risk.
The ServiceNow application performs the following:
● CYFIRMA Attack Surface sub-categories data ingestion
o Domain/IP vulnerability
o Certificate
o Configurations
o Open ports
o Domain reputation
o Open bucket
The app calls a single CYFIRMA REST endpoint with 6 different subtype parameters (as listed above) at a defined interval to fetch CYFIRMA’s Attack Surface sub-category data, and ingests it into the DeCyfir Alerts table with Category set to ‘Attack Surface’ and Subcategory set to one of the above sub-categories.
● CYFIRMA Digital Risk sub-categories data ingestion
o Impersonation
▪ Domain/IT assets
▪ Executive/people
o Brand Infringement
▪ Social handler
▪ Product/solution
o Data Breach
▪ Phishing
▪ Ransomware
The app calls a single CYFIRMA REST endpoint with 6 different subtype parameters (as listed above) at a defined interval to fetch CYFIRMA’s Digital Risk sub-category data, and ingests it into the Alerts table with Category set to ‘Digital Risk’ and Subcategory set to one of the above sub-categories.
● Search CYFIRMA Attack Surface and Digital Risk data
A ServiceNow user can use the default search options available in the ServiceNow List View to search CYFIRMA’s Attack Surface and Digital Risk data.
● Dashboard update: the DeCyfir ServiceNow app contains a Dashboard tab which fetches Attack Surface data from the Alerts table and shows it in the UI.
ServiceNow Instance