Abstract: Persistent storage may contain definitions of: configuration items (CIs) each having attributes that characterize a respective hardware or software component, a list of data sources used to update at least some of the CIs, and an auto-attestation time period; and one or more processors configured to: identify a plurality of the CIs for auto-attestation; for each respective CI, determine a respective condition of whether: (i) a data-source attribute of the respective CI indicates that it was updated by a trusted data source, and (ii) a most-recent-update attribute of the respective CI indicates that it was updated within the auto-attestation time period; and mark each respective CI based on its respective condition, wherein the respective CI is marked as auto-attested when its respective condition is true, and wherein the respective CI is marked as not auto-attested when its respective condition is false.

Abstract: A computational instance may contain a plurality of vulnerable items and a plurality of change requests, wherein at least some of the vulnerable items are assigned to a vulnerability group, the vulnerable items represent hardware or software components that exhibit known vulnerabilities, and the change requests represent additions, removals, or modifications of the hardware or software components. The computational instance may further include one or more computing devices configured to: generate a representation of a first graphical user interface containing data related to the vulnerability group, generate a representation of a second graphical user interface that allows specification of change request options, generate a representation of a third graphical user interface with data entry fields for a corresponding change request that are auto-populated based on the data related to the vulnerability group, and add a corresponding change request to the plurality of change requests.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: A computational instance may contain a plurality of vulnerable items and a plurality of change requests, wherein at least some of the vulnerable items are assigned to a vulnerability group, the vulnerable items represent hardware or software components that exhibit known vulnerabilities, and the change requests represent additions, removals, or modifications of the hardware or software components. The computational instance may further include one or more computing devices configured to: generate a representation of a first graphical user interface containing data related to the vulnerability group, generate a representation of a second graphical user interface that allows specification of change request options, generate a representation of a third graphical user interface with data entry fields for a corresponding change request that are auto-populated based on the data related to the vulnerability group, and add a corresponding change request to the plurality of change requests.

Abstract: A computational instance may contain a plurality of vulnerable items and a plurality of change requests, wherein at least some of the vulnerable items are assigned to a vulnerability group, the vulnerable items represent hardware or software components that exhibit known vulnerabilities, and the change requests represent additions, removals, or modifications of the hardware or software components. The computational instance may further include one or more computing devices configured to: generate a representation of a first graphical user interface containing data related to the vulnerability group, generate a representation of a second graphical user interface that allows specification of change request options, generate a representation of a third graphical user interface with data entry fields for a corresponding change request that are auto-populated based on the data related to the vulnerability group, and add a corresponding change request to the plurality of change requests.

Abstract: A computational instance may contain a plurality of vulnerable items and a plurality of change requests, wherein at least some of the vulnerable items are assigned to a vulnerability group, the vulnerable items represent hardware or software components that exhibit known vulnerabilities, and the change requests represent additions, removals, or modifications of the hardware or software components. The computational instance may further include one or more computing devices configured to: generate a representation of a first graphical user interface containing data related to the vulnerability group, generate a representation of a second graphical user interface that allows specification of change request options, generate a representation of a third graphical user interface with data entry fields for a corresponding change request that are auto-populated based on the data related to the vulnerability group, and add a corresponding change request to the plurality of change requests.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.