ServiceNow Security Incident Response Implementation (SIRI) Syllabus
Course 2536
2 DAY COURSE
Course Outline
This two-day interactive course prepares implementers to configure and deploy the ServiceNow Security Incident Response (SIR) application. Participants learn how to manage the full lifecycle of security incidents, configure workflows, dashboards, and integrations, and apply Zurich release best practices to improve incident response speed, consistency, and visibility.
Audience & Prerequisites
Who Should Attend: Process owners, technical consultants, ServiceNow administrators, project or engagement managers, and operations managers responsible for implementing or supporting Security Incident Response in ServiceNow.
Prerequisites: Welcome to ServiceNow; ServiceNow Administration Fundamentals; Get Started with Now Create; ServiceNow Platform Implementation; Security Operations Fundamentals. Certified System Administrator (CSA) is strongly recommended. Experience with ServiceNow scripting, integrations, and development is helpful.
Certification & Exam Information
This course includes an exam voucher. Certification details and eligibility are governed by ServiceNow Security Operations certification guidance.
ServiceNow Security Incident Response Training Outline
Learning Objectives
Day 1
Module 1: Security Incident Response Overview and Data Visualization
Objectives: Identify goals of Security Incident Response; explain how SIR meets customer expectations; review dashboards, reports, and core components.
Labs: Lab 1.1.1 Initial Application Setup.
Module 2: Security Incident Form and Field Configuration
Objectives: Configure security incident forms; review record lifecycle; configure risk calculations and security tags.
Labs: Lab 2.1.1 Security Incident Response Workspace; Lab 2.2.1 Security Incident Process Selection; Lab 2.3.1 Security Incident Calculator Groups; Lab 2.4.1 Configuring Security Tags.
Module 3: Incident Generation Configuration
Objectives: Configure service catalog entries; configure email parsing; configure user-reported phishing; review integrations.
Labs: Lab 3.2.1 Configure Email Parsing; Lab 3.3.1 Use Case: User Reported Phishing.
Day 2
Module 4: Playbook Configuration – Advanced Configuration
Objectives: Configure playbooks and runbooks; configure post-incident reviews; review Now Assist for SecOps.
Labs: Lab 4.1.1 Configure Security Incident Playbooks; Lab 4.3.1 Post Incident Reviews.
Module 5: Threat Intelligence Configuration
Objectives: Review threat intelligence concepts; configure and use the MITRE ATT&CK framework.
Labs: Lab 5.2.1 Leverage the MITRE ATT&CK Framework.
Module 6: Integrations Supporting Security Incident Response
Objectives: Review ServiceNow Store integrations; explore integration use cases; review capability framework; create custom integrations.
Labs: Lab 6.3.1 Integrations and Capabilities.
Module 7: Supporting Security Operations Applications
Objectives: Configure Major Security Incident Management; explore Threat Intelligence Security Center; review Data Loss Prevention application.
Labs: Lab 7.2.1 Configuring Major Security Incident Response.