What is a one sentence summary of your feature request?
Add function to route threat response to appropriate team when posting to ServiceNow
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
As of now, NTM does not have the capability to set the “assignment group” field when the ServiceNow incident is created via a playbook action. The customer would like to be able to control from the NTM side what “group” gets assigned by NTM in the “assignment group” field.
This can significantly increase efficiency by assigning ServiceNow incidents to appropriate teams as soon as they are created from NTM side.
How do you currently solve the challenges you have by not having this feature?
Manual review of ServiceNow incidents and route to appropriate team.
Thanks Brandon - this makes sense. Unfortunately, I am not overly familiar with ServiceNow groups. Would these be Active Directory groups we should help auto-complete, or should we allow it to be a free-text field?
I expect this would be AD groups as ServiceNow access can be integrated with AD. It would make sense that incident response teams would share a group membership.
Within our deployment, assignment groups are natively managed in ServiceNow, not controlled via AD groups. I have been able to override the default assignment group by modifying the ActionService\PowerShell\ServiceNow.ps1 file (adding $Incident.assignment_group = "<assignment_Group_Name>"), which is a good workaround but still limited to a single assignment group.
Thanks for that context Mark and welcome to the community! That helps clarify what we’d need to build on the development side and is a nice workaround for anyone else in this scenario.
Would you say users configuring this would always know the name of the ServiceNow assignment group they’d want to assign to? Thinking we could implement this with support for AD groups (which we’d easily be able to auto-complete) and a free-text capability for native ServiceNow groups. If we have to query ServiceNow for their groups to auto-complete these, it’d definitely increase the scope of the development effort.
Thanks Kevin. I should think so, easy enough to look up the available assignment group values in ServiceNow and hard code them in a free text field on the ThreatMgr side of things.