Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

ServiceNow is a cloud service that can handle many different needs within a company. Some of its features are:

  • Ticket system
  • CMDB
  • Discovery server
  • Security management

When ServiceNow is enabled, it will be visible as a ticket system in Assign Task, and Event Notifications. It also adds an option of importing targets from ServiceNow and activating events and tools for adding tickets. If you disable ServiceNow, the targets will no longer update or scan via ServiceNow until you enable it again.


Ticket system:

A ServiceNow ticket created for a finding will be added as an Incident with target and script information and solution to the finding will be added as Problem. Synchronization between ServiceNow and OUTSCAN/HIAB is periodic. This may cause some delay in the update. With the ticket system, we recommend using old scans to add tickets that you want to get started, and then add the events you want for future scans.

Set Up ServiceNow

Prerequisites


Note

The ServiceNow account used for the integration needs to have Can create and Allow access to this table via web services for Incident and Problem tables selected in order for it to succeed.


The ServiceNow service requires an external OAuth Setup to be configured.

To configure OAuth Setup:

  1. Log in to ServiceNow using your credentials.
  2. Go to System OAuth > Application Registry in the ServiceNow service.
  3. Click New.
  4. On the interceptor page, click Create an OAuth API endpoint for external clients.
  5. Fill in the fields.
  6. Click Submit.


When completed, fill in the Client ID and Client secret (if used) in the Integrations window.

  1. Go to Main Menu > Settings > Integrations.
  2. Select the ServiceNow tab.



  3. Follow the below procedure to enable ServiceNow:

    OptionDescription
    EnabledClick on this field to enable ServiceNow.
    URIProvide the URI of ServiceNow server (only https protocol is supported).
    UsernameProvide the username to authenticate against ServiceNow server.
    PasswordProvide the password to authenticate against ServiceNow server.
    Client ID(If used) Provide your client ID which is generated using OAuth module.
    Client Secret(If used) Provide your client password.
    Add finding solution as problemClick on this field to view the finding solutions under Problems in ServiceNow. 
    CertificateUpload the SSL certificate of your ServiceNow instance.
    Certificate uploadedDisplays Yes if a certificate has been uploaded and No if there is no certificate available.
    App integration enabled(If used) Click on this field to enable ServiceNow app integration.
    App granted IP range(s)(If used) Add an IP range to restrict the access.
    SaveClick on this button to save your current settings.

After enabling ServiceNow, use any of the following ways to create a ticket in OUTSCAN/HIAB:

Method 1

  1. Go to Main Menu > Netsec > Reporting Tools > Findings.
  2. Right click on any finding, select Assign task.

    Integration04

  3. Select ServiceNow in the ticket system drop-down menu.
  4. Click Save to create a ticket.

Method 2:

  1. Go to PCI scanning > Reports.
  2. Right click on a finding, select Assign task.
  3. Select ServiceNow in the ticket system drop-down menu.
  4. Click Save to create a ticket.

Method 3:

  1. Go to Event Notifications.
  2. Click +New.
  3. Select ServiceNow in the Action drop-down menu.

    Note

    This action is only available for Information, Low-Risk, Medium-Risk, and High-Risk findings.

  4. Click Save to create tickets whenever a report is created with findings of the type of the event.

Incident

In ServiceNow a ticket is called an incident, when a scan encounters a finding, it creates a ticket that ends up in Incident > Open.

ServiceNow16


Reference

Integrations