ServiceNow Security Incident Response Implementation (SIRI) Syllabus

Course 2536

  • Duration: 3 days
  • Exam Voucher: Yes
  • Language: English
  • Level: Intermediate

This course covers Security Incident Response essentials: what Security Incident Response is, why customers need it, and how to implement it properly.

Participants will learn the common technical aspects of a Security Incident Response implementation as well as experience various processes to effectively manage a Security Incident Response implementation. Additionally, participants will learn tactical skills and strategies which will better prepare them to implement Security Incident Response in a scalable, repeatable, and efficient manner.

ServiceNow Security Incident Response Training Delivery Methods

  • Online

  • Upskill your whole team by bringing Private Team Training to your facility.

ServiceNow Security Incident Response Training Information

Upon completion of this course, learners will be able to:

  • Identify the goals of Security Incident Response (SIR)
  • Understand and meet customer goals in an SIR Implementation
  • Create Security Incidents
  • Use and configure dashboards and reports 
  • Use the MITRE ATT&CK framework in SIR
  • Use the Security Incident Response Workspace
  • Create and apply Security Tags
  • Identify Calculators and apply Risk Scores
  • Enhance Process Definitions and Selection
  • Complete Post Incident Reviews
  • Use SIR Automation Capabilities

Prerequisites

Certification Information

Upon completion of this course, the candidate will be granted access to the voucher for the Certified Implementation Specialist - Security Incident Response (CIS-SIR) exam. 

ServiceNow Security Incident Response Training Outline

Day 1

Module 1: Implementation Planning 

Objectives 

    • Identify Goals of Security Incident Response
    • Discuss how Security Incident Response Meets Customer Expectations
    • Explain Security Incident Response Dashboards & Reports
    • Identify Security Incident Response Components

Labs

    • Lab 1.1 Initial Application Setup

Module 2: Security Incident - Form and Field Basic Configurations

Objectives 

    • Explore Security Incident Form Configurations
    • Review Security Incident Record Lifecycle
    • Explore Security Incident Risk Calculations and Configurations
    • Discuss Security Incident Security Tag Configuration

Labs 

    • Lab 2.1 Security Incident Response Workspace
    • Lab 2.2 Security Incident Process Selection
    • Lab 2.3 Security Incident Calculator Groups
    • Lab 2.4 Configuring Security Tags

Module 3: Incident Generation Configuration

Objectives 

    • Explore Security Incident Service Catalog Configuration
    • Discuss Security Incident Email Parsing
    • Explain Security Incident User Reported Phishing Configuration
    • Explore Security Incident Integrations

Labs

    • Lab 3.2 Configure Email Parsing
    • Lab 3.3 Use Case: User Reported Phishing

Day 2

Module 4: Playbook Configuration - Advanced Configuration

Objectives 

    • Configure Playbooks and Runbooks in the SIR Workspace
    • Explain and Configure Post Incident Reviews
    • Overview Now Assist for SecOps

Labs 

    • Lab 4.1 Configuration Security Incident Playbooks
    • Lab 4.3 Post Incident Reviews

Module 5: Threat Intelligence Configuration

Objectives 

    • General Threat Intelligence Overview
    • Explore MITRE ATT&CK Configuration

Labs 

    • Lab 5.2 Leverage the MITRE ATT&CK Framework

Module 6: Integrations supporting ServiceNow’s Security Incident Response

Objectives 

    • ServiceNow Store Overview
    • Explore Integration Use Cases
    • Discuss Capability Framework
    • Explain how to create Custom Integrations

Labs 

    • Lab 6.3 Integrations and Capabilities
    • Lab 6.4 Custom Security Incident Integration

Module 7: Other Supporting SecOps Applications

Objectives 

    • Overview of Major Security Incident Management
    • Configure Major Security Incident Management
    • Explore the Threat Intelligence Security Center Application
    • Data Loss Prevention Application Overview

Labs 

    • Lab 7.2 Configuring Major Security Incident Response

ServiceNow Security Incident Response Training FAQs

Once enrolled, ServiceNow University is available to everyone and provides users access to ServiceNow’s full range of training content, hands-on practice, certifications, and badges. Built on the Now Platform, Now Learning is the place for any ServiceNow user to learn, improve their skills, and share their accomplishments. Visit ServiceNow for more details.

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available online or as Private Team Training.

For instructor-led ServiceNow training courses which unlock an exam voucher, attendees can view their vouchers within ServiceNow University. Click your name in the top right-hand corner and select My Learning Profile and then the My Vouchers tab. Voucher codes are sent to the email address in your ServiceNow University account. Vouchers expire 1 year after the completion of the course, and the exam must be completed by the expiration.
