Security Operations (SecOps)
Overview
Bringing security response onto the Now Platform: managing security incidents, prioritizing and remediating vulnerabilities, enriching with threat intelligence, and tracking configuration compliance — connecting the security team's tools to the same workflow engine and CMDB that IT already uses.
Modules in this family
- Security Incident Response (SIR) — manage and respond to security incidents (SIR)
- Vulnerability Response (VR) — prioritize and remediate vulnerabilities (VR)
- Threat Intelligence — enrich investigations with threat intel
- Configuration Compliance — track and remediate config compliance
Modules in this family
Configuration Compliance
Tracks whether systems are configured securely against benchmarks (like CIS), ingests configuration-scan results, matches failures to assets, and drives remediation — the configuration-hardening companion to Vulnerability Response (VR)'s patch-focused work.
Security Incident Response (SIR)
A structured workspace for the security team to handle security incidents — phishing, malware, breaches — with guided playbooks, automated enrichment, and integration to security tools (SIEM, EDR). It brings the discipline of IT incident management to the SOC, with the CMDB providing asset context.
Threat Intelligence
Feeds external threat data (indicators of compromise, known bad actors, campaigns) into security investigations so analysts can quickly tell whether what they're seeing is a known threat — and automatically enrich security incidents instead of manually looking things up.
Vulnerability Response (VR)
Turns raw vulnerability-scanner output into prioritized, assignable remediation work. It ingests findings (from Qualys, Tenable, Rapid7, etc.), matches them to assets in the CMDB, prioritizes by real risk, and drives fixes through to closure — so teams patch what matters instead of drowning in a scanner's export.
Official docs: Security Operations ↗