User Manual

DeCYFIR ServiceNow

This User Manual serves as a guide for users to access and leverage DeCYFIR alerts and incident details in the ServiceNow application.
Once you have launched the URL, you will arrive at the below-mentioned home page. Enter the username and password, then click the “Login” button. URL E.g.: https://ven04914.service-now.com/
You need to download the “Authenticator” app on your mobile device and configure it with your email ID. Once you open the app, it will generate a six-digit code; enter the code and click the Login button. Check the box “Do not challenge for MFA on this browser for the next 8 hours”. This will take you to the home page.
Studio is a developer page where all the coding and configuration is done. Type “Studio” in the search box, which is located at the top left of the page, and the search results will be displayed. Click on “Studio” in the search results, and it will take you to another page. Click on “DeCYFIR” and you will arrive at the page below. On the left side of the page, under “System Properties,” you can see all the important properties: the “After” parameter, “Categories”, “Key”, “Logging Level” and “retry”.
The “After” parameter captures the time of the “Last Job” schedule in Unix format. Whenever the next job runs, it takes the last captured time and starts fetching data from that time onwards. This time is captured for all the categories.
“Categories”: there are 8 categories in total (i.e., Data_Leak, Certificates, Attack_Surface, phishing, IP_With_Vulnerability, Brand_Infringement, impersonation, vulnerability), and users can select or deselect the categories they want. For example, if the admin/end user only wants “vulnerability” alerts, he/she can select just that category and update the property, and the system will only fetch that alert.
“Key” is the password used to establish connectivity between CYFIRMA & SNOW.
“Logging Level” lets users configure the type of log they would like to analyze.
“retry” is the number of times the system is allowed to retry an activity. By default, it is configured as 3 times.
Users can set the time/interval at which the job runs to fetch the alerts from the CYFIRMA system; this is an automated process. The user can select the “Execute Now” button to trigger the job immediately, on demand. Users can configure it to run “Daily”, “Weekly” or “Monthly”.
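The following added example (not code from the DeCYFIR application or from ServiceNow) models how one job run could combine the “After”, “Categories” and “retry” properties described above. The function names, the alert records and the flaky source are constructed for illustration, and it assumes one initial attempt plus “retry” further attempts, with the “After” time advancing only after a successful fetch.

```javascript
// Illustrative model only: these names are assumptions, not DeCYFIR or ServiceNow APIs.
const ALL_CATEGORIES = ["Data_Leak", "Certificates", "Attack_Surface", "phishing",
  "IP_With_Vulnerability", "Brand_Infringement", "impersonation", "vulnerability"];

// Constructed sample alerts (created = Unix seconds).
const SAMPLE_ALERTS = [
  { id: "a1", category: "vulnerability", created: 1700000100 },
  { id: "a2", category: "phishing", created: 1700000200 },
  { id: "a3", category: "vulnerability", created: 1700000300 },
  { id: "a4", category: "Data_Leak", created: 1699999000 },
];

// Hypothetical alert source that fails `failures` times before answering.
function makeFlakySource(alerts, failures) {
  let calls = 0;
  return function fetchAlerts(category, after) {
    calls += 1;
    if (calls <= failures) throw new Error("connection failed");
    return alerts.filter(a => a.category === category && a.created > after);
  };
}

// One job run: for each selected category, fetch alerts newer than that
// category's stored "After" value, retrying up to `props.retry` times.
function runJob(props, fetchAlerts, now) {
  const fetched = [];
  const after = Object.assign({}, props.after);
  for (const category of props.categories) {
    if (!ALL_CATEGORIES.includes(category)) {
      throw new Error("unknown category: " + category);
    }
    let done = false;
    for (let attempt = 0; attempt <= props.retry && !done; attempt++) {
      try {
        fetched.push(...fetchAlerts(category, after[category] || 0));
        after[category] = now; // advance the cursor only after a successful fetch
        done = true;
      } catch (e) {
        // fall through to the next attempt; the cursor stays unchanged
      }
    }
  }
  return { fetched, after };
}
```

If every attempt fails, the stored time for that category is left as it was, so the next run starts from the same point and no alerts are skipped.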
If the user wants to delete all the alerts displayed in the system, he/she can run the “delete all alerts” script.