The purpose of this User Manual is to explain how users can access the DeCYFIR alert and incident details in the ServiceNow application.
The ServiceNow App is responsible for fetching the raw alert data from DeCYFIR and creating corresponding incidents for it in ServiceNow. The app includes a set of built-in reports over the ingested alert data.
The latest version of the app polls data using new endpoints for Attack Surface and Digital Risk, with each subcategory subtype.
The modules listed below are covered in this document.
DeCYFIR ServiceNow application has the following key features:
The updated app has additional scope to include Subcategories.
A scheduled job runs at the defined interval to fetch CYFIRMA’s Attack Surface sub-category data and ingest it into the ServiceNow Alerts table with Subcategory set as “cip:attack_surface:<sub category>”.
A scheduled job runs at the defined interval to fetch CYFIRMA’s Digital Risk sub-category data and ingest it into the ServiceNow Alerts table with source type set as “cip:digital_risk:<sub category>”.
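The following is an added example, not code from the DeCYFIR app or from CYFIRMA. It models the data flow the two job descriptions above and the Logs page later in this manual describe: a polled fetch that is retried and logged with the Logs fields (Tenant, Log type, Status code, Request URL, Response Body, Category, Subcategory, Number of tries), then one Alert row tagged “cip:<category>:<sub category>” and one Incident per alert, with every alert field written to the incident work notes. Plain JavaScript objects stand in for the ServiceNow tables (the real app would use ServiceNow’s GlideRecord API), the endpoint URL, the tenant name, the sub-category “open_ports”, the incident numbering and the sample alerts are all constructed, and the de-duplication on alert id is an assumption, since the manual does not state how re-polled alerts are handled.

```javascript
// Added example (not the DeCYFIR app's own code): models the polling job's
// data flow with plain JavaScript objects standing in for ServiceNow tables.

// In-memory stand-ins for the three tables the app writes to.
function newTables() {
  return { alerts: [], incidents: [], logs: [] };
}

// Source type / subcategory string written on each Alert row,
// e.g. "cip:attack_surface:open_ports" (the subcategory value is constructed).
function sourceType(category, subcategory) {
  if (category !== "attack_surface" && category !== "digital_risk") {
    throw new Error(`unknown DeCYFIR category: ${category}`);
  }
  return `cip:${category}:${subcategory}`;
}

// Call doFetch (a constructed stand-in for the HTTP call) up to maxTries
// times, logging every attempt with the fields the Logs page shows.
function fetchWithRetry(tables, tenant, category, subcategory, requestUrl, doFetch, maxTries) {
  let tries = 0;
  while (tries < maxTries) {
    tries += 1;
    const response = doFetch(requestUrl);
    tables.logs.push({
      tenant,
      logType: response.status === 200 ? "fetch_success" : "fetch_failure",
      statusCode: response.status,
      requestUrl,
      responseBody: JSON.stringify(response.body),
      category,
      subcategory,
      tries,
    });
    if (response.status === 200) return response.body;
  }
  return null; // gave up; every failed attempt is already in the log table
}

// Create one Alert row and one Incident per raw alert. Re-polling returns
// alerts already ingested, so the alert id is used as the idempotency key
// (an assumption: the manual does not state the de-duplication rule).
function ingestAlerts(tables, tenant, category, subcategory, rawAlerts) {
  const created = [];
  for (const raw of rawAlerts) {
    if (tables.alerts.some((a) => a.tenant === tenant && a.alertId === raw.id)) continue;
    const incidentNumber = `INC${String(tables.incidents.length + 1).padStart(7, "0")}`;
    const alert = {
      tenant,
      alertId: raw.id,
      category,
      subcategory,
      sourceType: sourceType(category, subcategory),
      incident: incidentNumber,
      fields: { ...raw },
    };
    // Work notes carry every alert field and its value, as the manual describes.
    const workNotes = Object.entries(raw).map(([k, v]) => `${k}: ${v}`).join("\n");
    tables.alerts.push(alert);
    tables.incidents.push({
      number: incidentNumber,
      shortDescription: `DeCYFIR ${alert.sourceType}: ${raw.title}`,
      workNotes,
      relatedAlerts: [raw.id], // shown under Related links > DeCYFIR Alerts
    });
    created.push(incidentNumber);
  }
  return created;
}

// Constructed sample run: the endpoint fails once (503), then succeeds,
// and the job is polled twice so the second poll creates nothing new.
function demo() {
  const tables = newTables();
  const payload = [
    { id: "AS-1001", title: "Exposed service on asset", severity: "High", asset: "host-a.example" },
    { id: "AS-1002", title: "Expired certificate", severity: "Medium", asset: "host-b.example" },
  ];
  let calls = 0;
  const doFetch = () => (++calls === 1 ? { status: 503, body: { error: "busy" } } : { status: 200, body: payload });
  const url = "https://decyfir.example/api/attack_surface/open_ports"; // placeholder URL
  const body = fetchWithRetry(tables, "Acme", "attack_surface", "open_ports", url, doFetch, 3);
  const first = ingestAlerts(tables, "Acme", "attack_surface", "open_ports", body);
  const second = ingestAlerts(tables, "Acme", "attack_surface", "open_ports", body);
  return { tables, first, second };
}
```

Running `demo()` produces two log rows (one 503 failure at try 1, one success at try 2), two Alert rows with source type “cip:attack_surface:open_ports”, two incidents whose work notes list all alert fields, and no new incidents on the second poll.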
Opening the URL takes you to the login page shown below. Enter the User Name and Password and click the “Login” button.
Example URL: https://ven04915.service-now.com/
This will take you to the home page.
Users can store the information for multiple Companies or Tenants in the Tenant table.
Categories:
There are two categories.
Subcategories:
Steps to add a Category-Subcategory to the Tenant’s record:
Users can set the time or interval at which the job runs to fetch the alerts from the “Cyfirma” system; this is an automated process. To run the job at any other time, click the “Execute Now” button, which triggers the job immediately.
Follow the steps below to schedule the job.
Users can see all the alerts received from the Cyfirma system on the “Alerts” page; each alert has a unique “Alert” number and “Incident”. A new incident is created for each alert.
Navigating to the Alert page:
Go to the “Filter navigator” (top left), search for “DeCYFIR Alerts” and click on it.
Clicking on “DeCYFIR Alerts” opens the “DeCYFIR Alerts” page.
Users can also view the Alerts for specific Subtypes by using the “Group by > Subcategory” filter.
Clicking on the “Alert” number opens the detail page, where the user can see the fields and their values, including Category and Subcategory. Similarly, a unique incident is generated for each alert.
A unique Incident ID is generated for each alert.
Under work notes, users can see all the alert fields and their associated values.
Under Related links > DeCYFIR Alerts, the user can see the alerts associated with that Incident.
All the system activity will be captured in logs.
Navigating to the Log page:
Go to the “Filter navigator” (top left), search for “DeCYFIR Logs” and click on it.
Clicking on “DeCYFIR Logs” opens the “DeCYFIR Logs” page.
Clicking on any of the “Log types” opens the detail page, where the user can see the Tenant, Log type, Status code, Request URL, Response Body, Category, Subcategory, and Number of tries.
Users can see all the category-subcategory alerts and their counts.
Navigating to the dashboard page:
Go to the “Filter navigator” (top left), search for “Dashboards” and click on Dashboards, which is under “Self-Service”.
This takes the user to the page below; then click on “DeCYFIR Alerts”.
Users will see this page, which shows the count of alerts for each category and subcategory.
Users have the “Date” filter to filter the Alerts for different time ranges.
Users have the “Tenant” filter to filter the Alerts for different tenants.
Users have the “Category” filter to filter the Alerts for different categories.
Users have the “Subcategory” filter to filter the Alerts for different subcategories.
Users can see the count of Alerts below the Graph, based on the filters selected.
If the user clicks on any score card, they are redirected to the DeCYFIR Alerts table, which shows the latest alerts matching the selection criteria.