With the Malwarebytes Integration for ServiceNow you can automatically remediate malware from endpoints based on security tickets from end users in Security Operations.
Automatic Remediation
To enable Automatic Malware Remediation:
- In ServiceNow, use the Filter navigator Search bar to find System Definition > Business Rules.
- In the Name column search bar, enter Malwarebytes Automatic Remediation.
- Change the value of the Active column to true.
Example: End user computer is infected
In the following example, an end user computer is infected. The end user creates a security ticket and Malwarebytes automatically remediates the endpoint.
End user steps
The end user creates a ticket following these steps:
- In ServiceNow, the end user uses the Filter navigator Search bar to find Self-Service > Security Incident Catalog.
- For the security incident category, the end user selects Malicious code activity.
- For the subcategory, the end user selects Worms, Virus, Trojan.
- On the next screen, the end user inputs
- Affected System: The hostname of the end user’s endpoint
- A Short Description
- Priority: Select from the drop-down menu
- The end user clicks submit. This creates a security incident ticket which the security analyst can access.
Security analyst steps
- When the security analyst goes to the Security Incidents table, they see a security incident ticket with the description “My computer has been infected! Please HELP!”
- The analyst opens the ticket and sees the scan & quarantine task has been initiated on the endpoint.
Return to the Nebula Integration with ServiceNow guide.