Critical-risk tools in Serac
7 of the 432 tools in Serac are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
snow_cleanup_test_artifactsDestructiveSafely cleanup test artifacts from ServiceNow (dry-run enabled by default for safety)
-
snow_delete_attachmentDestructivePermanently delete a file attachment by its sys_id via the /api/now/attachment endpoint. Removes the file from its parent record.
-
snow_inbound_email_actionDestructiveManage inbound email actions: list, get, create, update, delete, enable/disable
-
snow_pa_indicator_manageDestructiveUnified tool for ServiceNow Performance Analytics indicator definitions and their dimensional breakdowns. Wraps the pa_indicators, pa_breakdowns, pa_indicator_breakdowns (join),...
-
snow_rollback_deploymentDestructiveRollback failed deployment by reverting to previous version or deleting artifact
-
snow_workflow_transitionDestructive⚠️ LEGACY: Manage workflow transitions (deprecated - ServiceNow recommends Flow Designer). Actions: create, update, delete, list
-
snow_create_purchase_orderFinancialOpen a purchase order (proc_po) against a vendor, with optional requested_by user and total_cost. Captures the buy-side step after a procurement request has been approved.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.