Data Security Administration
  • Data Security Administration
  • SaaS Security Documentation
  • All Documentation
>
Begin Scanning a ServiceNow App
Focus
Download PDF
Focus
  1. Home
  2. SaaS Security
  3. Onboard Sanctioned SaaS Apps to Data Security
  4. Begin Scanning a ServiceNow App
Download PDF
SaaS Security

Begin Scanning a ServiceNow App

Table of Contents

Begin Scanning a ServiceNow App

Learn how to add a ServiceNow app so that Data Security can protect your assets against data exfiltration and malware propagation.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
  • Data Security license
Or any of the following licenses that include the Data Security license:
  • CASB-X
  • CASB-PA
To connect ServiceNow to Data Security and begin scanning files and folders, you need to:
  • Ensure that you have a ServiceNow account which has sufficient privileges.
  • Grant Data Security access to ServiceNow.
  • Add the ServiceNow app to Data Security, providing Data Security information about your ServiceNow.
Support for automated remediation capabilities varies by SaaS application.
  • Add ServiceNow App
  • Customize ServiceNow App
  • Identify Risks
  • Tables Scanned by DLP

Add ServiceNow App

In order for Data Security to scan assets, you must consent to specific permissions during the course of adding the ServiceNow app. Without the requested permissions, Data Security can't authenticate with ServiceNow and can't scan assets, even after you successfully install the ServiceNow app.
  1. (Recommended) Add your ServiceNow app domain as an internal domain.
  2. Register Data Security in the ServiceNow management console.
    1. Log in to the ServiceNow management console as admin.
    2. Select System OAuthApplication Registry.
    3. Select NewCreate an OAuth API endpoint for external clients.
    4. Enter a unique Name for Data Security.
    5. If you're using the Istanbul and later releases, enter a Redirect URI or URL. The redirect you enter depends on the Data Security location:
      For North America, use:
      https://app.aperture.paloaltonetworks.com/auth/servicenow/callback
      For Europe, use:
      https://app.aperture-eu.paloaltonetworks.com/auth/servicenow/callback
      For Asia-Pacific, use:
      https://app.aperture-apac.paloaltonetworks.com/auth/servicenow/callback
      For India, use:
      https://app.in1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      For Japan, use:
      https://app.jp1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      For UK, use:
      https://app.uk2.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      For Australia, use:
      https://app.au1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
    6. Submit your changes.
  3. To add the ServiceNow app to Data Security, log in to Strata Cloud Manager and select Data SecurityApplicationsAdd ApplicationServiceNow.
    1. Log in to the ServiceNow app.
      • For Istanbul and later releases, enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret.
      • For earlier releases (Fuji, Geneva, or Helsinki) enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret. Also, enter the Username and Password for your ServiceNow account.
      You can copy the client ID and client secret from the System OAuthApplication Registry page in the ServiceNow management console.
    2. Click OK.
    3. Allow Data Security access to the ServiceNow account.
      After authentication, the new ServiceNow app is added to the list of Cloud Apps as ServiceNow n, where n represents the number of ServiceNow app instances you have connected to Data Security. The instance displays a list of
      available tables
      .
  4. Next step: Proceed to
    Customize ServiceNow App
    .

Customize ServiceNow App

Customizations include modifying your ServiceNow app name.
  1. (Optional) Give a descriptive name to this app instance.
    1. Select Settings and select the ServiceNow n instance listed.
    2. Enter a descriptive Name to differentiate this instance of ServiceNow from other instances.
  2. (Recommended) Enter an Admin UserName (for example, admin@servicenow.com).
    As a best practice, create a separate administrator account and use that email address for Data Security. If you opt to use an existing admin account instead of a new account, the administrator activities are not tracked on Data Security. Creating a separate account enables you to monitor events generated by ServiceNow administrators on ExploreActivities.
  3. Click Done to save your changes.
  4. Next step: Proceed to
    Identify Risks
    .

Identify Risks

When you add a new cloud app, then enable scanning, Data Security automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. Start scanning the new ServiceNow app for risks.
  2. Monitor the scan results.
    During the discovery phase, as Data Security scans files and matches them against enabled policy rules, verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, proceed to next step to improve your results.
  3. (Optional) Modify match criteria for existing policy rules.
  4. (Optional) Add new policy rules.
    Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
  5. (Optional) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.

Tables Scanned by DLP

The DLP service scans the following database tables on ServiceNow. To enforce best practice, the SaaS Security web interface does not allow you to add or remove database tables from scans: SaaS administrators need to consult with the database administrator before adding or removing tables from scans. After consulting with your database administrator, contact Palo Alto Networks Customer Support to manually add or remove a table.
If ServiceNow does not expose a given database table, the DLP service can't scan it.
change_phase
change_request
change_request_imac
change_task
cmdb
incident
incident_task
kb_knowledge
kb_submission
problem
problem_task
release_phase
release_task
task
ticket
sc_req_item
sc_request
sc_task
sn_hr_core_beneficiary
sn_hr_core_benefit
sn_hr_core_benefit_provider
sn_hr_core_benefit_type
sn_hr_core_bonus
sn_hr_core_case
sn_hr_core_case_operations
sn_hr_core_case_payroll
sn_hr_core_case_relations
sn_hr_core_case_talent_management
sn_hr_core_case_total_rewards
sn_hr_core_case_workforce_admin
sn_hr_core_direct_deposit
sn_hr_core_op_report
sn_hr_core_op_report_frequency
sn_hr_core_op_report_type
sn_hr_core_op_system
sn_hr_core_op_system_to_report_type
sn_hr_core_profile_bank_account
sn_hr_core_retirement_benefit
sn_hr_core_task
sn_hr_core_tuition_reimbursement
sn_si_incident
sn_si_request
sn_si_task
sysapproval_group

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.