This User Manual serves as a guide for users to access and leverage DeCYFIR alerts and incident details in the ServiceNow application.
Once you have launched the URL, you will arrive at the home page shown below. Enter your user name and password, then click the “Login” button. URL E.g.: https://ven04914.service-now.com/
You need to download the “Authenticator” app on your mobile device and configure it with your email ID. Once you open the app, it will generate a six-digit code; enter that code and click the Login button. Check the box "Do not challenge for MFA on this browser for the next 8 hours".
This will take you to the home page.
Studio is a developer page where all coding and configuration are done. Type “Studio” in the search box, which is located at the top left of the page. The search results will be displayed.
Click on “Studio” which is displayed in the search result, and it will take you to another page.
Click on “DeCYFIR” and you will arrive at the page below.
On the left side of the page under “System Properties,” you can see all the important properties like “After” parameter, “Categories”, “Key”, “Logging Level”, “retry”.
There are a total of 8 categories (i.e., Data_Leak, Certificates, Attack_Surface, phishing, IP_With_Vulnerability, Brand_Infringement, impersonation, vulnerability). Users have the option to select or deselect the categories they want. For example, if the admin/end user only wants “vulnerability” alerts, they can select just that category and update the property, and the system will only fetch that alert.
Users can see all the alerts received from the CYFIRMA system on the “Alerts” page. Each alert will have a unique “Alert”, “Incident” and UID. For each new alert, a new incident will be automatically created.
Click on “Decyfir alerts” and that will open the “DeCYFIR Alerts” page.
If you click on the “Alert” number, it will open the details page where the user will be able to see the fields and their values. Similarly, for each alert, there will be a unique incident generated.
All the system activity will be captured in logs.
Click on “Decyfir Logs” and that will open the “DeCYFIR Logs” page.
If you click on “Category”, it will open the details page where the user will be able to see the "Log Type", "Status Code", "Request URL" and "Response Body".
For each alert, a unique Incident ID will be generated.
That will take the user to the incident page, where the user can see details such as "Impact", "Urgency" and "Description".
Under work notes, users are able to see all the alert fields and their associated values.
Under "Related" links, users are able to see the associated alerts.
Users are able to see all the category alerts, their count, and the "Top 5" events.
It will take the user to the page below; click on “DeCYFIR Alert”.
Users will then see a page that shows all the categories and their count.
Similarly, by scrolling down, users are able to see the “Top 5” alerts.
Users will have the option to search using different time ranges.