ServiceNow Integration

The ServiceNow integration provides InsightCloudSec with the ability to send notification messages as ServiceNow incidents and is compatible with all InsightCloudSec resources. For example, you can send high priority security alerts when noncompliant Security Group rules are provisioned, such as SSH open to the world.

Check out our BotFactory & Automation documentation for more details on our automation capabilities or Working with Bots (Best Practices & Examples) for some examples.

Prerequisites

Before getting started with this integration ensure you have the following:

• A functioning InsightCloudSec platform installation with an admin role
• ServiceNow may require an admin-based role for account authorization.
  • Note: If you do not have this role, please reach out to an Admin or Account Owner within your organization to configure the integration.

For general information about Integrations (editing and deleting), refer to the Integrations Overview page. For general information on ServiceNow, check out the ServiceNow documentation for details.

If you need help with this integration, contact us through the Customer Support Portal.

Setup ServiceNow

1. Access ServiceNow - On the homepage of ServiceNow, your instance (if you’ve already provisioned one) shows on the right hand side of the screen. You can also find your instance URL by clicking “Manage” at the top, and select “Instance”. Your username and password is provided for you when you provision the instance. When you first sign into your ServiceNow instance, you’ll be prompted to change your password.

2. From InsightCloudSec navigate to "Administration --> Integrations" and locate the ServiceNow card.

3. Select "Edit" on the ServiceNow card and update the form with the following information:

• Instance
• Username
• Password

4. Click "Save" to complete your ServiceNow integration. Once this is done you can now leverage the ServiceNow action within your Bot configurations.

InsightCloudSec includes Bot actions that you can use to create ServiceNow actions as part of your integration.

• For detailed step-by-step instructions on using automation check out our documentation on Creating Bots
• You can also check out Working with Bots (Best Practices & Examples) if you want to review some examples.

In the example below you can specify the urgency (high, medium, low) of the incidents and message sent for each action.

Results of the InsightCloudSec Bot with the ServiceNow integration will surface in your ServiceNow console.

Configuring the "ServiceNow Incident" Bot Action

The following are steps to create a Bot to assist in validating the configuration of your ServiceNow Integration.

1. Go to the BotFactory page and click "Create Bot"

2. Complete the About Bot, Resource Type & Groups, and Filters sections.

3. In the Actions section, click "Add Action" and find the "ServiceNow Incident" action.

4. Select an urgency for the incident.

5. Provide a description to include with the incident. You can include actionable information with Jinja2 formatting. For example:

A resource of type ```{{resource.get_resource_type()}}``` is part of a ServiceNow Incident. 
The resource name is ```{{resource.get_resource_name()}}```. 
It lives in account ```{{resource.get_organization_service_name()}}```.

6. Provide optional comments to include with the incident. You can include actionable information with Jinja2 formatting.

7. Provide an assignment group to associate with the incident. You can customize the assignment group using Jinja2 formatting. For example, you can choose assignment groups based upon how the resource's cloud account is badged, e.g.,

badge key = main_assignment_group
badge value = production_cloud_team

where you would use the following Jinja2 formatting, which pulls the badge value based upon the badge key:

{{resource.get_badge_value_by_key_for_parent_cloud('main_assignment_group')}}

8. Provide a CMDB CI to associate with the incident.
9. Finish creating the bot and click "Save".