After completing this article, you will learn how to:
– Integrate your ServiceNow account with your Phoenix Security account
– Link Applications and Environments to ServiceNow Incidents teams
– Create incident tickets to track Vulnerabilities in your Phoenix Security Applications and Environments
– Get status updates back into Phoenix Security by creating a webhook in ServiceNow
Prerequisites
– In order to integrate ServiceNow to your Phoenix Security instance, you should have access to the platform as an Organisation Admin user.
– Access to your ServiceNow platform to obtain integration credentials
A. Integrating ServiceNow Incidents
ServiceNow API Credentials
In order to authenticate with the ServiceNow API server you need user credentials and a set of OAuth client credentials. You will need these details later, when configuring the integration in Phoenix Security.
User Credentials
In order to connect with ServiceNow from Phoenix Security you need he credentials (username and password) of a user that has the “itil” role assigned to it. The recommendation is to create a user specifically for the integration so that you can better control its credentials and permissions, but any active user with the right role/permissions would work. You can manage users within Service Now by navigating to Organisation > Users.
OAuth Client Credentials
As well as the user’s credentials described above, you need to create an entry in the Application Registry to allow Phoenix Security to access ServiceNow’s API. You can do that by navigating to System OAuth > Application Registry and clicking on “New“.
Enter a name for the client application and provide a client secret. Make sure that the “Active” tick-box is selected and leave the “Lifespan” default values. Then Save/Update the application entry.
Integrating ServiceNow into Phoenix Security
Before using ServiceNow Incidents integration features within your Phoenix Security instance, you have to set it up first by configuring the ServiceNow – Phoenix Security integration. Here are the steps to complete the integration process:
- On the Navigation Menu, go to Integrations > Workflow. Then click on the Create Workflow button.
- In the first step enter an name for the integration and select the ServiceNow integration type. Then click Next.
- On the second step you need to provide the ServiceNow connection details obtained at the start of this article:
- Server URL: The base url of your ServiceNow instance
- Client ID and Secret: from the OAuth clientcredentials
- Username and Password: from the user credentials
- Click the “Save Workflow” button.
B. Link ServiceNow Incidents to an Application
In order to link an existing Phoenix Security Application to ServiceNow, you need to edit the Application and enable the “Link to Issue Tracking Project” checkbox.
- On the Navigation Menu, select Risk Explorer > Applications.
- Select the Application List tab and scroll down to the Application that you want to update. Hover your mouse over the application entry, click on the three-dots icon than appears on the right, and select Edit (pencil icon).
- In the Update Application form, find that Integration section on the right-hand side and check the “Link to Issue Tracking Project”.
- Select the ServiceNow integration account and Incident team that you want to link the Application to.
- Click the “Save Integrations Config” button to save the changes.
By linking your application to a ServiceNow team you will be able to create tickets in Incidents for the application’s vulnerabilities with a single click.
Once the process is completed a ServiceNow logo will appear next to the Application in the Applications list to indicate that the Application is currently linked to ServiceNow Incidents.
C. Link ServiceNow to an Environment
In order to link an existing Phoenix Security Environment to ServiceNow, you need to edit the Environment and enable the link to “Link to Issue Tracking Project” checkbox. The whole process is analogous to the one for Applications (above):
- On the Navigation Menu, select Risk Explorer > Environments.
- Select the Environment List tab and scroll down to the Environment that you want to update. Hover your mouse over the application entry, click on the three-dots icon than appears on the right, and select Edit (pencil icon)
- In the Update Environment form, find that Integration section on the right-hand side and check the “Link to Issue Tracking Project”.
- Select the ServiceNow account and team that you want to link the Environment to.
- Click the “Save Integrations Config” button to save the changes.
Once the process is completed a ServiceNow logo will appear next to the environment in the Environment list to indicate that the environment is currently linked to a ServiceNow Incidents team.
D. Create a ServiceNow Incident to Track a Vulnerability
Once ServiceNow is fully integrated with your Phoenix Security account, you can create ServiceNow incidents to keep track and monitor a Vulnerability identified in your Application. Here are the steps for you to follow:
- On the Navigation Menu, click Vulnerabilities.
- Scroll down until you see the Vulnerabilities section. Look for the Vulnerability you wish to track with ServiceNow and click the ServiceNow icon corresponding to it (marked with the white line in the screenshot below).
- Once a ticket has been successfully created, the ticket reference number and status will be displayed where the ServiceNow icon was located in step 2. An example has been marked with a red line in the screenshot below.
- Click on the ticket reference number to open the incident ticket page in ServiceNow.
You can monitor the progress of the ticket on ServiceNow moving forward.
E. Create WebHooks to Get Status Updates
In order to get status updates for your tickets delivered to Phoenix Security, you need to configure a webhook in ServiceNow’s Admin area. We are working to make this process automatic, but at the moment you need to contact Phoenix Security support team for guidance and details on how to create and configure a webhook. Unfortunately, it is a multi-step process in ServiceNow.
