For my customers, I deploy ServiceNow Security Operations, which is always in a cloud environment as it is a SaaS application. There is a provision for on-prem deployment, but the support is minimal from ServiceNow.

If we encounter challenges while deploying, we raise incidents. These incidents are categorized by priority: high, medium, and low. We assign an incident number and notify the relevant teams to address the issue. For instance, if we experience a problem with Cloud services or any other issue, we will raise an incident and suggest a course of action. Similarly, they are categorized into expedited, emergency, normal, and planned changes when raising change requests.

I use ServiceNow for ticketing purposes. Specifically, I raise tickets between the support team. This is used by internal teams within the company for managing support-related tasks.

ServiceNow Security Operations is used for threat intelligence and managing issues, offences or incidents. 

We use it on a daily basis. We received tickets in ServiceNow. We can connect with the user using the ServiceNow application. 

We can drop an email, use the top bar, create filters, see how many tickets we have, monitor daily usage, track received tickets, and manage follow-ups. We can also manage dependent tickets and the "Accredited Fine."

My primary use cases with this solution are focused on automation, particularly integrating security operations with pen-testing tools like Nessus, BurpSuite, and Kali Linux.

I used this solution for incident management for issues that take longer to resolve.

About 1,000 people were using this solution in my organization, including management and procurement.

I wasn't using the latest version. 

The solution is generally for operational use, and if there is any security incident, for example, somebody clicks a corrupt link, or there are phishing emails, we can raise a security incident and manage those incidents. 

We have Elasticsearch, Data Stream, and other vulnerability scanning tools where we get vulnerable data, and we've integrated them with ServiceNow Security Operations. We would export the data and attach that to the penetration test request by first pushing and transforming the data. Vulnerable items will be created and mapped on ServiceNow Security Operations, then loaded to the penetration test or vulnerable items table.

We develop all these applications. In particular, we modify the fields forms,  then, based on the requirement, there'll be changes to the configuration and workflow, and we'll also develop the catalog item required. If we want to push data, we'll make a request and integrate it to push the data to the different tables on ServiceNow Security Operations.

These are our use cases for ServiceNow Security Operations.

I am a security architect. I construct the solutions. ServiceNow Security Operations is on-premises, however, it's a hybrid model where you can have a public cloud also working in tandem with your on-site deployment.

The main use case is SecOps or security operations. ServiceNow Security is a two-way ticketing model that gets integrated with Splunk, for example. Splunk will provide two-way integration into the service management process. You have Splunk on one end and ServiceNow on the other end. The tickets will be integrated between the two and be either manually or automatically created. The tickets can be initiated from either platform and automatically or manually pushed as well.

We use ServiceNow Security Operations to enhance our cybersecurity efforts. By integrating with tools like Microsoft Defender and external threat intelligence, we assess and prioritize vulnerabilities in devices. This proactive approach helps us ensure the security of our internal systems and meet the specific needs of our clients, providing a robust defense against potential threats.

Our customers use ServiceNow Security Operations to handle their organization's legal structure. Additionally, they use it to define or share information about gifts received from third-party vendors.

It's for internal and external security. There are some things that ServiceNow does. It's to do a comparison study. I just turn the numbers over.

We create the SSO catalog packages and such through ServiceNow.

We get an invoice or a statement, and we work off of what the client needs to have. A lot of times, I also go back to the business users and try to derive better requirements as they're not very good at it.

It's deployed on the ServiceNow-hosted GCC.

We are contracted by a federal organization to lead an engagement to integrate their existing Vulnerability scanner with ServiceNow SecOps Vulnerability Response with their existing ServiceNow ITSM solution.

The use case is to manage scan results from Tenable and help this organization better manage how these vulnerabilities are grouped, prioritized, assigned, processed, monitored and remediated. 

Integration with the existing Request, Incident, Change and Configuration Management processes are key.  Once a vulnerability is remediated, it needs to be confirmed via rescan and closed.  This process informs the system so future remediations are resolved faster and more efficiently.   

We are a solution provider and ServiceNow is one of the products that we implement for our clients. Of the different ServiceNow modules, we are familiar with several, including Security Operations.

ServiceNow integrates with the helpdesk and our clients use it to manage their tickets. It is also used to keep track of security incidents and run periodic scans.  

Deployment to customers looking to vastly reduce security incident response time and have an auditable trail of the post-mortem analysis on security incidents.

Reduces time to closure and closure metrics for vulnerabilities.

We use ServiceNow for incident management and change management purposes. It is used for managing day-to-day operations, incident management, and planning major organizational changes.