Skip to main content
Skip table of contents

ServiceNow - Legacy

Purpose

This document provides set up information on the ServiceNow integration.

Introduction

ServiceNow is a cloud service that can handle many different needs within a company. Some of its features are:

  • Ticket system

  • CMDB

  • Discovery server

  • Security management

When ServiceNow is enabled, it will be visible as a ticket system in Assign Task, and Event Notifications. It also adds an option of importing targets from ServiceNow and activating events and tools for adding tickets. If you disable ServiceNow, the targets will no longer update or scan via ServiceNow until you enable it again.

Ticket system

A ServiceNow ticket created for a finding will be added as an Incident with target and script information and solution to the finding will be added as Problem. Synchronization between ServiceNow and OUTSCAN/HIAB is periodic. This may cause some delay in the update. With the ticket system, we recommend using old scans to add tickets that you want to get started, and then add the events you want for future scans.

Terminology

Outpost24 and ServiceNow describe events differently.

Outpost24 Term

ServiceNow Term

Description

Asset

-

Assets in Outpost24 are unique hosts found during the discovery stage or added automatically while creating a configuration. Assets are uniquely defined based on their IP or hostname.

Target

Asset

Targets in Outpost24 are the assets (as in Outpost24 assets) that can be managed in the system, usually a web site, web application, server, or network device that you would like to scan for security vulnerabilities. In ServiceNow it is called Asset not to be confused with Outpost24 assets.

Finding

Incident

Findings are the potential risks and recommended reconfiguration suggestions found during automatic and manual assessments of the target asset. Outpost24 findings are called Incident in ServiceNow.

Every ServiceNow Incident is connected to a ServiceNow Problem.

Solution and Solution Product

Problem

The ServiceNow Problem is a combination of solution and solution product in Outpost24. This is not per target.

Set Up ServiceNow

Prerequisites

The ServiceNow account used for the integration needs to have Can create and Allow access to this table via web services for Incident and Problem tables selected in order for it to succeed.

OAuth

The ServiceNow service requires an external OAuth Setup to be configured.

To configure OAuth Setup:

  1. Log in to ServiceNow using your credentials.

  2. Go to System OAuth > Application Registry in the ServiceNow service.

  3. Click New.

  4. On the interceptor page, click Create an OAuth API endpoint for external clients.

  5. Fill in the fields.

  6. Click Submit.


When completed, fill in the Client ID and Client secret (if used) in the Integrations window.

  1. Go to Main Menu > Settings > Integrations.

  2. Select the ServiceNow tab.

    servicenow1.jpg


  3. Follow the below procedure to enable ServiceNow:

Option

Description

Enabled

Click on this field to enable ServiceNow.

URI

Provide the URI of ServiceNow server (only https protocol is supported). URI is the hostname

Username

Provide the username to authenticate against ServiceNow server. Username/Password is the credentials for the user in the ServiceNow tool.

Password

Provide the password to authenticate against ServiceNow server.

Client ID

(If used) Provide your client ID which is generated using OAuth module.

Client Secret

(If used) Provide your client password.

Add finding solution as problem

Click on this field to view the finding solutions under Problems in ServiceNow. 

Certificate

Upload the SSL certificate of your ServiceNow instance. The certificate is the SSL (HTTP/HTTPS) certificate which can be access from the browser.

Certificate uploaded

Displays Yes if a certificate has been uploaded and No if there is no certificate available.

App integration enabled

(If used) Click on this field to enable ServiceNow app integration.

App granted IP range(s)

(If used) Add an IP range to restrict the access.

Save

Click on this button to save your current settings.

Creating Tickets in ServiceNow

ServiceNow tickets can be created via events or Assign Task in Reporting Tools. When a ticket is created we will add the combination target+script id as an Incident. This means that a finding for us is an Incident in ServiceNow , but the combination means that there will not be duplicates on ports etc. Every incident is connected to a Problem. The problem is a combination of solution and solution product in Outpost24 terms and not per target.

The result of tickets means that ServiceNow will have a Problem (what needs to be solved) of, for example Update Windows and Incidents (what has triggered the Problem) of target. Information about the target can be found in the Incident. If the target had a saved sysid (SN connection) the corresponding asset (what a target is called in SN) will be linked as the configuration item.

After enabling ServiceNow, use any of the following ways to create a ticket in OUTSCAN/HIAB.

Method 1

  1. Go to Main Menu > Netsec > Reporting Tools > Findings.

  2. Right click on any finding, select Assign task.

    image2018-4-27_13-49-59.png

  3. Select ServiceNow in the ticket system drop-down menu.

  4. Click Save to create a ticket.

Method 2:

  1. Go to PCI scanning > Reports.

  2. Right click on a finding, select Assign task.

  3. Select ServiceNow in the ticket system drop-down menu.

  4. Click Save to create a ticket.

Method 3:

  1. Go to Event Notifications.

  2. Click +New.

  3. Select ServiceNow in the Action drop-down menu.

This action is only available for Information, Low-Risk, Medium-Risk, and High-Risk findings.

  1. Click Save to create tickets whenever a report is created with findings of the type of the event.

API Calls

Outpost24 use REST API with credentials, which means that the user has to have access to System Web Services Application menu and the REST modules.

API calls are kept to a minimum, but in creating tickets it needs to be verified that the ticket does not previously exists and then create it, both for problems and incidents. This can create a high workload when creating many tickets.

It takes an average of 3 seconds per ticket and a big load can take hours to handle. Since this is done in a queue that activates every 10 minutes, it will take at least a couple of minutes before tickets start showing up, in bad cases up to an hour or so on OUTSCAN. This is due to other customers tickets will be in the same queue. It is therefor recommended to import targets all in one go which keeps calls to a minimum.

Importing Targets from ServiceNow CMDB

If ServiceNow integration is enabled there is an option to import new targets from the ServiceNow CMDB.

  1. Open the Main Menu > Netsec > Manage Targets.

  2. Click + New to open Add New Targets.

    Add_new_targets.png



  3. Clicking on the Import From Service Now button displays the Import From Service Now form.

    Import_from_ServiceNow.png


  4. Enter the name of table in ServiceNow you wish to import from. The table field is the only one that is required.
    The Tag, Asset Tag, and Query fields can be used to filter out specific targets from ServiceNow. For example if you write "test" in the tag field it will only import targets from ServiceNow that have the tag "test". Leaving Tag, Asset Tag, and Query blank will result that you will get all the targets in the ServiceNow table you entered.

  5. Click Import to receive the targets from ServiceNow. The targets will be displayed in the target list in Manage Targets.


Exporting Tickets to ServiceNow

When importing targets from ServiceNow the sysid, which is the id the target have in ServiceNow, is saved. Later when an Incident or Problem is created the target sysid is used to connect to the target id in the ServiceNow CMDB to update information.

Incident

In ServiceNow a finding is called an Incident, when a scan encounters a finding, it creates a ticket that ends up in Incident > Open.

Option

Description

short_description

Asset Name or ip/hostname : scriptid

Configuration Item

Asset if it was an active SN imported asset

Impact + Urgency + Priority

Priority on finding

Comments

Finding information

Problem

Connected Solution

Correlation ID

ID in our database

Correlation Display

'outpost24_integration', our mark

Problem

Every Incident is connected to a Problem which is a combination of a solution and solution product within Outpost24. The result of tickets means that there will be a Problem (what needs to be solved) of for example Update Windows and Incidents (what has triggered to problem) of ex. 192.168.2.11:101010.

Option

Description

short_description

Solution : Solution product

Priority

Priority on finding

Comments

Solution information

Correlation ID

ID in our database

Correlation Display

'outpost24_integration', our mark




Copyright

© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.