$1,900
2-Day Instructor-Led Training
ServiceNow Official Content
Available for Private Team Training
ServiceNow Exam Voucher included
ServiceNow Security Incident Response Implementation (SIRI) Syllabus
Course 2536
- Duration: 2 days
- Exam Voucher: Yes
- Language: English
- Level: Intermediate
This two-day interactive course prepares implementers to configure and deploy the ServiceNow Security Incident Response (SIR) application. Participants learn how to manage the full lifecycle of security incidents, configure workflows, dashboards, and integrations, and apply Zurich release best practices to improve incident response speed, consistency, and visibility.
ServiceNow Security Incident Response Training Delivery Methods
Online
Upskill your whole team by bringing Private Team Training to your facility.
ServiceNow Security Incident Response Training Information
Audience & Prerequisites
Who Should Attend: Process owners, technical consultants, ServiceNow administrators, project or engagement managers, and operations managers responsible for implementing or supporting Security Incident Response in ServiceNow.
Prerequisites: Welcome to ServiceNow; ServiceNow Administration Fundamentals; Get Started with Now Create; ServiceNow Platform Implementation; Security Operations Fundamentals. Certified System Administrator (CSA) is strongly recommended. Experience with ServiceNow scripting, integrations, and development is helpful.
Certification & Exam Information
This course includes an exam voucher. Certification details and eligibility are governed by ServiceNow Security Operations certification guidance.
ServiceNow Security Incident Response Training Outline
Day 1
- Module 1: Security Incident Response Overview and Data Visualization
Objectives: Identify goals of Security Incident Response; explain how SIR meets customer expectations; review dashboards, reports, and core components.
Labs: Lab 1.1.1 Initial Application Setup. - Module 2: Security Incident Form and Field Configuration
Objectives: Configure security incident forms; review record lifecycle; configure risk calculations and security tags.
Labs: Lab 2.1.1 Security Incident Response Workspace; Lab 2.2.1 Security Incident Process Selection; Lab 2.3.1 Security Incident Calculator Groups; Lab 2.4.1 Configuring Security Tags. - Module 3: Incident Generation Configuration
Objectives: Configure service catalog entries; configure email parsing; configure user-reported phishing; review integrations.
Labs: Lab 3.2.1 Configure Email Parsing; Lab 3.3.1 Use Case: User Reported Phishing.
Day 2
- Module 4: Playbook Configuration – Advanced Configuration
Objectives: Configure playbooks and runbooks; configure post-incident reviews; review Now Assist for SecOps.
Labs: Lab 4.1.1 Configure Security Incident Playbooks; Lab 4.3.1 Post Incident Reviews. - Module 5: Threat Intelligence Configuration
Objectives: Review threat intelligence concepts; configure and use the MITRE ATT&CK framework.
Labs: Lab 5.2.1 Leverage the MITRE ATT&CK Framework. - Module 6: Integrations Supporting Security Incident Response
Objectives: Review ServiceNow Store integrations; explore integration use cases; review capability framework; create custom integrations.
Labs: Lab 6.3.1 Integrations and Capabilities. - Module 7: Supporting Security Operations Applications
Objectives: Configure Major Security Incident Management; explore Threat Intelligence Security Center; review Data Loss Prevention application.
Labs: Lab 7.2.1 Configuring Major Security Incident Response.
Speak with a Learning Consultant
Speak with a Learning Consultant
Fill out the form below or call 888-843-8733
Need Help Finding The Right Training Solution?
Our training advisors are here for you.
ServiceNow Security Incident Response Training FAQs
Once enrolled, ServiceNow University is available to everyone and provides users access to ServiceNow’s full range of training content, hands-on practice, certifications, and badges. Built on the Now Platform, Now Learning is the place for any ServiceNow user to learn, improve their skills, and share their accomplishments. Visit ServiceNow for more details.
Please see the Cancellation and Rescheduling Policy.
Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available online or as Private Team Training.
For instructor-led ServiceNow training courses which unlock an exam voucher, attendees and view their vouchers within ServiceNow University. Click your name in the top right-hand corner and select My Learning Profile and then the My Vouchers tab. Voucher codes are sent to the email address in your ServiceNow University account. Vouchers expire 1 year after the completion of the course, and the exam must be completed by the expiration.