InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

ServiceNow Integration

Instructions for Integration Between ServiceNow & InsightCloudSec

The ServiceNow integration provides InsightCloudSec with the ability to send notification messages as ServiceNow incidents and is compatible with all InsightCloudSec resources. For example, you can send high priority security alerts when noncompliant Security Group rules are provisioned, such as SSH open to the world.

Check out our BotFactory & Automation documentation for more details on our automation capabilities or Working with Bots (Best Practices & Examples) for some examples.

Prerequisites

Before getting started with this integration ensure you have the following:

  • A functioning InsightCloudSec platform installation with an admin role
  • ServiceNow may require an admin-based role for account authorization.
    • Note: If you do not have this role, please reach out to an Admin or Account Owner within your organization to configure the integration.

For general information about Integrations (editing and deleting), refer to the Integrations Overview page. For general information on ServiceNow, check out the ServiceNow documentation for details.

If you need help with this integration, contact [email protected].

Setup ServiceNow

1. Access ServiceNow - On the homepage of ServiceNow, your instance (if you’ve already provisioned one) shows on the right hand side of the screen. You can also find your instance URL by clicking “Manage” at the top, and select “Instance”. Your username and password is provided for you when you provision the instance. When you first sign into your ServiceNow instance, you’ll be prompted to change your password.

2. From InsightCloudSec navigate to "Administration --> Integrations" and locate the ServiceNow card.

3. Select "Edit" on the ServiceNow card and update the form with the following information:

  • Instance
  • Username
  • Password
ServiceNow Integration FormServiceNow Integration Form

ServiceNow Integration Form

4. Click "Save" to complete your ServiceNow integration. Once this is done you can now leverage the ServiceNow action within your Bot configurations.

InsightCloudSec includes Bot actions that you can use to create ServiceNow actions as part of your integration.

In the example below you can specify the urgency (high, medium, low) of the incidents and message sent for each action.

Creating a ServiceNow BotCreating a ServiceNow Bot

Creating a ServiceNow Bot

Results of the InsightCloudSec Bot with the ServiceNow integration will surface in your ServiceNow console.

ServiceNow Bot Automation ExampleServiceNow Bot Automation Example

ServiceNow Bot Automation Example

Configuring the "ServiceNow Incident" Bot Action

The following are steps to create a Bot to assist in validating the configuration of your ServiceNow Integration.

1. Go to the BotFactory page and click "Create Bot"

2. Complete the About Bot, Resource Type & Groups, and Filters sections.

3. In the Actions section, click "Add Action" and find the "ServiceNow Incident" action.

Configuring the ServiceNow Incident BotConfiguring the ServiceNow Incident Bot

Configuring the ServiceNow Incident Bot

4. Select an urgency for the incident.

5. Provide a description to include with the incident. You can include actionable information with Jinja2 formatting. For example:

A resource of type ```{{resource.get_resource_type()}}``` is part of a ServiceNow Incident. 
The resource name is ```{{resource.get_resource_name()}}```. 
It lives in account ```{{resource.get_organization_service_name()}}```.

6. Provide optional comments to include with the incident. You can include actionable information with Jinja2 formatting.

7. Provide an assignment group to associate with the incident. You can customize the assignment group using Jinja2 formatting. For example, you can choose assignment groups based upon how the resource's cloud account is badged, e.g.,

badge key = main_assignment_group
badge value = production_cloud_team

where you would use the following Jinja2 formatting, which pulls the badge value based upon the badge key:

{{resource.get_badge_value_by_key_for_parent_cloud('main_assignment_group')}}
Configuring the Bot ActionConfiguring the Bot Action

Configuring the Bot Action

8. Provide a CMDB CI to associate with the incident.
9. Finish creating the bot and click "Save".

Updated 10 days ago

ServiceNow Integration


Instructions for Integration Between ServiceNow & InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.