Build your own through the REST API Explorer

Ask for assistance in the community page

Download one from ServiceNow Share

Look for one in the ServiceNow Store

IT

Classification

Security

CI

as desirable outcomes with clear, measurable Key Performance Indicators

differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live

as a series of states with consistent, clear metrics

as a value on a scale of 1-10 based on specific outcomes

URLs, domains, or IP addresses appearing in the body

Who reported the phishing attempt

State of the phishing email

IP addresses from the header

Hashes and/or file names found in the EML attachment

Type of Ingestion Rule used to identify this email as a phishing attempt

requires the sn_si.admin role

requires the sn_si.catalog role

requires both sn_si.write and catalog_admin roles

requires the admin role

Traffic Light Protocol

Block from Sharing

IoC Type

Severity

Cyber Kill Chain Step

Escalation Level

Enrichment whitelist/blacklist

The cost of the response to the security breach

The impact, urgency and priority of the incident

The time taken to resolve the security incident

The business value of the affected asset

Post Incident Activity

Detection & Analysis

Preparation and Identification

Containment, Eradication, and Recovery