Begin Scanning a ServiceNow App

To begin scanning a ServiceNow app:
  1. Register the Aperture Service in the ServiceNow management console.
    1. Log in to the ServiceNow management console as admin.
    2. Select System OAuthApplication Registry.
    3. Select NewCreate an OAuth API endpoint for external clients.
    4. Enter a unique Name for the Aperture service.
    5. If you are using the Istanbul (or higher) release, enter a Redirect URI/URL. The redirect you enter depends on your Aperture service location:
      For North America, use:
      For Europe, use:
      For Asia-Pacific, use:
    6. Submit your changes.
  2. Add the ServiceNow app.
    1. From the Aperture Dashboard, Add a Cloud App.
    2. Select ServiceNow.
    3. Select one of the following:
      • Connect to ServiceNow Account—Select this option if you’re using an earlier release of ServiceNow (Fuji, Geneva, or Helsinki).
      • Istanbul or higher—Select this option is you are using the ServiceNow Istanbul (or higher) release.
    4. Log in to the ServiceNow app.
      • For Istanbul or higher, enter the ServiceNow URL (for example,, Client ID, and Client Secret.
      • For earlier releases (Fuji, Geneva, or Helsinki) enter the ServiceNow URL (for example,, Client ID, and Client Secret. Also, enter the Username and Password for your ServiceNow account.
      You can copy the client ID and client secret from the System OAuthApplication Registry page in the ServiceNow management console.
    5. Click OK.
    6. Allow Aperture to access your ServiceNow account.
      Upon successful authentication using an account with the appropriate privileges, the new ServiceNow app is added to the list of Cloud Apps as ServiceNow n, where n is the number of ServiceNow app instances you have connected to the Aperture service. For example, if this is the second ServiceNow app you have added to the Aperture service, the name displays as ServiceNow 2.
      The ServiceNow app instance displays a list of available tables and you can contact Palo Alto Networks Customer Support to add any additional ServiceNow tables to the Aperture service.
  3. Give a descriptive name to this app instance and specify additional app settings.
    1. Select the ServiceNow n link on the Cloud Apps list.
    2. (Optional) Enter a descriptive Name to differentiate this instance of ServiceNow from other instances you are securing.
    3. Enter an Admin UserName (for example,
      As a best practice, create a separate administrator account and use that email address on the Aperture service. If you opt to use an existing admin account instead of using a new account just for the Aperture service, the activities of the administrator whose email address you enter here are not tracked on the Aperture service. Creating a separate account enables you to monitor events generated by actual ServiceNow administrators on ExploreActivities without missing events associated with the admin account you provide here.
    4. By default, the Aperture service displays a list of tables retrieved from ServiceNow.
    5. Click Done to save your changes.
  4. Define global scan settings.
  5. Add policy rules.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want toAdd a New Policy Rule for Content to look for risks unique to the new app.
  6. (Optional) Configure or edit a data pattern.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  7. Start scanning the new app for risks.
    1. Select SettingsCloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new ServiceNow app you just added, select ActionsStart Scanning.
      The status changes to Scanning. The Aperture service starts scanning all assets in the associated ServiceNow app and begins identifying incidents. Depending on the number of ServiceNow users and assets, it may take some time for the Aperture service to complete the process of discovering all assets and users. However, as soon as you begin to see this information populating in the Aperture web interface, you can begin to Assess Incidents.
  8. Monitor the results of the scan.
    As the Aperture service starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.
    Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.

Related Documentation