COMMAND PERFORMANCE: Leveraging Orchestration

As we’ve said in a previous blog, incidents needing your attention don’t occur in a vacuum. That’s why it’s so helpful that ServiceNow includes a bevy of Security Operations automation tools that save you time by eliminating manual processes and gathering contextual information. One of our favorites is an application called Orchestration. Orchestration is a bit like a digital scout: it retrieves data from a variety of different systems, automates processes and makes your life easier along the way. In this post, we’ll explore some of these benefits in depth.

So, without further ado, we’d like to introduce you to your new digital scout.

HOW IT WORKS
To get the most out of Orchestration, it helps to understand what’s going on under the hood. Say you’ve instantiated an Orchestration activity: a probe gets launched and recorded. The workflow pauses, the MID Server picks up and executes the probe, and the probe reports back. The workflow then resumes and the results are analyzed.

[Figure: Orchestration diagram]

THE BENEFITS
Well that’s great, you’re saying to yourself, but how does this help me or my team? The answer to that question is: in more ways than we can write in a blog post, but here are a few:

  • Get Email Details from Exchange Server: Searches for emails in the message tracking report on an Exchange Server and retrieves their details.
  • Search/Delete Threat Email in Exchange Activity: Scans all mailboxes in an Exchange Server to search for or delete threat emails using a query you specify.
  • Get IP from CI activity: Determines the IPv4 address associated with a configuration item.
  • Get Network Statistics via netstat activity: Retrieves the network statistics for an affected resource on a Windows-based system.
  • Get running processes via WMI activity: Retrieves the running processes of a configuration item on a Windows-based system.

BUT WAIT…
There’s more. Perhaps the crown jewel of Orchestration is the Activity Designer. All of the benefits listed above are examples of Orchestration “activities.” What makes Orchestration really special is that the Activity Designer does exactly what its name suggests: it enables your team’s developers to create custom Orchestration activities for tasks that may be unique to your circumstances and not available out of the box.

At Cask, we understand that—should your team be like most—it’s under constant stress. We hope this post has made it clear that the Orchestration application within ServiceNow enables you to simply create a new (albeit, virtual) team member whose sole job is accelerating the investigation and remediation process. When used correctly, it’s a unique tool for your proverbial work belt that further underscores ServiceNow’s ability to add a little effortlessness to your work life.

Any questions? Contact Cask or your ServiceNow representative. We’re happy to help with anything you may need.
