1. Home
  2. Integrations
  3. Integration with ServiceNow Incidents

Integration with ServiceNow Incidents

After completing this article, you will learn how to:

– Integrate your ServiceNow account with your AppSec Phoenix account
– Link Applications and Environments to ServiceNow Incidents teams
– Create incident tickets to track Vulnerabilities in your AppSec Phoenix Applications and Environments
– Get status updates back into AppSec Phoenix by creating a webhook in ServiceNow

Prerequisites

– In order to integrate ServiceNow to your AppSec Phoenix instance, you should have access to the platform as an Organisation Admin user.
– Access to your ServiceNow platform to obtain integration credentials

A. Integrating ServiceNow Incidents

ServiceNow API Credentials

In order to authenticate with the ServiceNow API server you need user credentials and a set of OAuth client credentials. You will need these details later, when configuring the integration in AppSec Phoenix.

User Credentials

In order to connect with ServiceNow from AppSec Phoenix you need he credentials (username and password) of a user that has the “itil” role assigned to it. The recommendation is to create a user specifically for the integration so that you can better control its credentials and permissions, but any active user with the right role/permissions would work. You can manage users within Service Now by navigating to Organisation > Users.

OAuth Client Credentials

As well as the user’s credentials described above, you need to create an entry in the Application Registry to allow AppSec Phoenix to access ServiceNow’s API. You can do that by navigating to System OAuth > Application Registry and clicking on “New“.

Enter a name for the client application and provide a client secret. Make sure that the “Active” tick-box is selected and leave the “Lifespan” default values. Then Save/Update the application entry.

Integrating ServiceNow into AppSec Phoenix

Before using ServiceNow Incidents integration features within your AppSec Phoenix instance, you have to set it up first by configuring the ServiceNow – AppSec Phoenix integration. Here are the steps to complete the integration process:

  1. On the Navigation Menu, go to Integrations > Workflow. Then click on the Create Workflow button.
  1. In the first step enter an name for the integration and select the ServiceNow integration type. Then click Next.
  1. On the second step you need to provide the ServiceNow connection details obtained at the start of this article:
  • Server URL: The base url of your ServiceNow instance
  • Client ID and Secret: from the OAuth clientcredentials
  • Username and Password: from the user credentials
  1. Click the “Save Workflow” button.

In order to link an existing AppSec Phoenix Application to ServiceNow, you need to edit the Application and enable the “Link to Issue Tracking Project” checkbox.

  1. On the Navigation Menu, select Risk Explorer > Applications.
  1. Select the Application List tab and scroll down to the Application that you want to update. Hover your mouse over the application entry, click on the three-dots icon than appears on the right, and select Edit (pencil icon).
  1. In the Update Application form, find that Integration section on the right-hand side and check the “Link to Issue Tracking Project”.
  2. Select the ServiceNow integration account and Incident team that you want to link the Application to.
  3. Click the “Save Integrations Config” button to save the changes.

By linking your application to a ServiceNow team you will be able to create tickets in Incidents for the application’s vulnerabilities with a single click.

Once the process is completed a ServiceNow logo will appear next to the Application in the Applications list to indicate that the Application is currently linked to ServiceNow Incidents.

In order to link an existing AppSec Phoenix Environment to ServiceNow, you need to edit the Environment and enable the link to “Link to Issue Tracking Project” checkbox. The whole process is analogous to the one for Applications (above):

  1. On the Navigation Menu, select Risk ExplorerEnvironments.
  2. Select the Environment List tab and scroll down to the Environment that you want to update. Hover your mouse over the application entry, click on the three-dots icon than appears on the right, and select Edit (pencil icon) 
  3. In the Update Environment form, find that Integration section on the right-hand side and check the “Link to Issue Tracking Project”.
  4. Select the ServiceNow account and team that you want to link the Environment to.
  5. Click the “Save Integrations Config” button to save the changes.

Once the process is completed a ServiceNow logo will appear next to the environment in the Environment list to indicate that the environment is currently linked to a ServiceNow Incidents team.

D. Create a ServiceNow Incident to Track a Vulnerability

Once ServiceNow is fully integrated with your AppSec Phoenix account, you can create ServiceNow incidents to keep track and monitor a Vulnerability identified in your Application. Here are the steps for you to follow:

  1. On the Navigation Menu, click Vulnerabilities.
  2. Scroll down until you see the Vulnerabilities section. Look for the Vulnerability you wish to track with ServiceNow and click the ServiceNow icon corresponding to it (marked with the white line in the screenshot below).
  3. Once a ticket has been successfully created, the ticket reference number and status will be displayed where the ServiceNow icon was located in step 2. An example has been marked with a red line in the screenshot below.
  1. Click on the ticket reference number to open the incident ticket page in ServiceNow.

You can monitor the progress of the ticket on ServiceNow moving forward.

E. Create WebHooks to Get Status Updates

In order to get status updates for your tickets delivered to AppSec Phoenix, you need to configure a webhook in ServiceNow’s Admin area. We are working to make this process automatic, but at the moment you need to contact AppSec Phoenix support team for guidance and details on how to create and configure a webhook. Unfortunately, it is a multi-step process in ServiceNow.

Updated on September 17, 2022

Related Articles

x Logo: Shield Security
This Site Is Protected By
Shield Security