Skip to main content

Automatic remediation in Nebula integration with ServiceNow

Effective August 18, 2023, the integration between ServiceNow and Nebula has reached its End of Maintenance (EOM). While the integration remains available for use, we would like to inform you that it will no longer receive updates. We encourage you to exercise caution when using this integration, as any use will be at your own risk. We are committed to providing ongoing support for common product usage questions and access to our online articles.

With the Malwarebytes Integration for ServiceNow you can automatically remediate malware from endpoints based on security tickets from end users in Security Operations.

Automatic Remediation

To enable Automatic Malware Remediation:

  1. In ServiceNow, use the Filter navigator Search bar to find System Definition > Business Rules.
  2. In the Name column search bar, enter Malwarebytes Automatic Remediation.
  3. Change the value of the Active column to true.
    5.png

Example: End user computer is infected

In the following example, an end user computer is infected. The end user creates a security ticket and Malwarebytes automatically remediates the endpoint.

End user steps

The end user creates a ticket following these steps:

  1. In ServiceNow, the end user uses the Filter navigator Search bar to find Self-Service > Security Incident Catalog.
  2. For the security incident category, the end user selects Malicious code activity.
    6.png
  3. For the subcategory, the end user selects Worms, Virus, Trojan.
    7.png
  4. On the next screen, the end user inputs
    • Affected System: The hostname of the end user’s endpoint
    • A Short Description
    • Priority: Select from the drop-down menu
      8.png
  5. The end user clicks submit. This creates a security incident ticket which the security analyst can access.

Security analyst steps

  • When the security analyst goes to the Security Incidents table, they see a security incident ticket with the description “My computer has been infected! Please HELP!”
  • The analyst opens the ticket and sees the scan & quarantine task has been initiated on the endpoint.
    9.png

 

Return to the Nebula Integration with ServiceNow guide.

Related articles