Integrating ServiceNow with AIOps for NGFW
AIOps for NGFW
Learn how to set up the integration between
AIOps for NGFW
and ServiceNow.When configuring your ServiceNow integration on the
AIOps for NGFW
Notification Rule, you need the following:- Configured ServiceNow instance with administrative access
- ServiceNow username and password with web access and specific roles to create incidents or query various tables
- Client ID and Password created under Application Registry in order to authorize AIOps to access your ServiceNow Instance
- URL of your ServiceNow instance
Your ServiceNow instance should also have an
Incident
table
for AIOps to send alerts to, and Assignment Groups
with
Assignees
so that these alerts can be raised to specific
people. - Creating a ServiceNow Rest User.Create a new ServiceNow User with specific roles to read and write to the various tables needed for the integration (Incident, Assignment Groups, and Assignees).
- To create a user in ServiceNow, navigate toUsersunderSecurity > Users and Groups.
- Check theWeb service access onlycheck box and submit your changes.
- Search for the newly created user. Select theRolestab in the table at the bottom of the page and clickEdit. You will need to give the user permissions for the following three roles:itil, sn_incident_read, andsn_incident_write. Save your changes.
- ClickSet Passwordon the User page. In the pop-up window, clickGenerateandSave Password. Make sure to copy the password to a secure location along with the User ID. This information will be used to populate theServiceNow Usercredentials inAIOps for NGFW.
- Create a Web OAuth client.An OAuth client is required forAIOps for NGFWto authenticate into your ServiceNow instance.
- Navigate toSystem OAuth > Application Registry.
- Create a new entry and selectCreate an OAuth API endpoint for external clientsin the following page.
- Add a Name for the OAuth and create aClient Secret. TheClient Secretcan also be left blank if an auto-generated secret is wanted. ClickSubmitand then navigate back to the Application Registry entry and save both theClient IDandClient Secretin a safe place. This information will be used under theClient credentialforms inAIOps for NGFW.
- Add ServiceNow Account Settings information inAIOps for NGFW.Add the information from the previous steps inAIOps for NGFWto complete the integration between ServiceNow andAIOps for NGFW.You need the following:
- YourServiceNow Instance URL
- ServiceNow UserandPasswordfrom Step 1
- Client IDandClient Secretfrom Step 2
- InAIOps for NGFW, navigate toAlert Notification Rulesand clickAdd Notification Rule.
- Fill in fields such asRule NameandAlert Condition, then click the check box forServiceNowunderNotification Type and Recipients.
- ClickServiceNow Account Settingsat the bottom of the sidebar. Fill the following form with the information that was saved previously.ServiceNow UserandServiceNow Passwordfrom Step 1, where you set up the Rest User.Client IdandClient Secretfrom Step 2, where you set up the Application Registration. Leave the version as is. ClickTestto save the configuration and post a test incident to your ServiceNow instance. This must be successful to proceed. ClickNext.
- Expand thePlease select a templatedrop down, and clickCreate a new ServiceNow Template.
- EnterServiceNow Template Nameand then choose a group from theAssignment Groupdrop-down list. Choose an assignee from theAssigneedrop-down list. Note that these drop-down lists are populated by calling the following tables from your ServiceNow instance:
- System Security > Users and Groups > Users
- System Security > Users and Groups > Groups
If there are no Groups defined, then theAssignment Groupdrop-down list will not populate. If there are no Users assigned to a specific Group, theAssigneesdrop-down list will not populate. ClickNextand thenSave Rule.
