Skip to main content
Applies to BloodHound Enterprise only After installation and configuration are complete, the integration begins fetching attack path findings from the BloodHound Enterprise API. The integration creates a Security Incident Response (SIR) ticket for each attack path finding. To view and manage security incidents created by the integration:
1

View the list of security incidents

  1. Log in to your ServiceNow instance.
  2. Click All and enter sn_si_incident.list in the search bar to navigate to the list of security incidents.
2

View and manage a security incident

  1. Click a number to view attack path findings and remediation documentation in the incident details.
    A view of the ServiceNow user interface showing a list of security incidents created by the integration, with one incident selected to view details.
  2. Update incident fields as required.
    A view of the ServiceNow user interface showing the process of updating a security incident.
    For example, you can post comments in the Work Notes field.
    A view of the ServiceNow user interface showing the Work Notes field of a security incident.