Begin Scanning a ServiceNow App

Learn how to add a ServiceNow app so that Data Security can protect your assets against data exfiltration and malware propagation.
To connect ServiceNow to Data Security and begin scanning files and folders, you need to:
  • Ensure that you have a ServiceNow account that has sufficient privileges.
  • Grant Data Security access to ServiceNow.
  • Add the ServiceNow app to Data Security, providing Data Security information about your ServiceNow.
Support for automated remediation capabilities varies by SaaS application.

Add ServiceNow App

In order for Data Security to scan assets, you must consent to specific permissions during the course of adding the ServiceNow app. Without the requested permissions, Data Security can't authenticate with ServiceNow and can't scan assets, even after you successfully install the ServiceNow app.
  1. (Recommended) Add your ServiceNow app domain as an internal domain.
  2. Register Data Security in the ServiceNow management console.
    1. Log in to the ServiceNow management console as admin.
    2. Select System OAuth > Application Registry.
    3. Select New > Create an OAuth API endpoint for external clients.
    4. Enter a unique Name for Data Security.
    5. If you're using the Istanbul (or higher) release, enter a Redirect URI or URL. The redirect you enter depends on the Data Security location:
      • For North America, use: https://app.aperture.paloaltonetworks.com/auth/servicenow/callback
      • For Europe, use: https://app.aperture-eu.paloaltonetworks.com/auth/servicenow/callback
      • For Asia-Pacific, use: https://app.aperture-apac.paloaltonetworks.com/auth/servicenow/callback
      • For India, use: https://app.in1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      • For Japan, use: https://app.jp1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      • For UK, use: https://app.uk2.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      • For Australia, use: https://app.au1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
    6. Submit your changes.
  3. To add the ServiceNow app on Data Security, go to Data Security > Applications > Add Application > ServiceNow.
    1. Select one of the following:
      • Connect to ServiceNow Account: Select this option if you're using an earlier release of ServiceNow (Fuji, Geneva, or Helsinki).
      • Istanbul or higher: Select this option if you're using the ServiceNow Istanbul (or higher) release.
    2. Log in to the ServiceNow app.
      • For Istanbul or higher, enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret.
      • For earlier releases (Fuji, Geneva, or Helsinki), enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret. Also, enter the Username and Password for your ServiceNow account.
      You can copy the client ID and client secret from the System OAuth > Application Registry page in the ServiceNow management console.
    3. Click OK.
    4. Allow Data Security access to the ServiceNow account.
      After authentication, the new ServiceNow app is added to the list of Cloud Apps as ServiceNow n, where n represents the number of ServiceNow app instances you have connected to Data Security. The instance displays a list of available tables.
  4. Next step: Proceed to Customize ServiceNow App.

Customize ServiceNow App

Customizations include modifying your ServiceNow app name.
  1. (Optional) Give a descriptive name to this app instance.
    1. Go to Settings and select the ServiceNow n instance listed.
    2. Enter a descriptive Name to differentiate this instance of ServiceNow from other instances.
  2. (Recommended) Enter an Admin UserName (for example, admin@servicenow.com).
    As a best practice, create a separate administrator account and use that email address for Data Security. If you opt to use an existing admin account instead of a new account, the administrator activities are not tracked on Data Security. Creating a separate account enables you to monitor events generated by ServiceNow administrators on Explore > Activities.
  3. Click Done to save your changes.
  4. Next step: Proceed to Identify Risks.

Identify Risks

When you add a new cloud app and then enable scanning, Data Security automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. Start scanning the new ServiceNow app for risks.
  2. During the discovery phase, as Data Security scans files and matches them against enabled policy rules, verify that your default policy rules are effective. If the results don't capture all risks or you see false positives, proceed to the next step to improve your results.
  3. (Optional) Modify match criteria for existing policy rules.
  4. (Optional) Add new policy rules.
    Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
  5. (Optional) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.

Tables Scanned by DLP

The DLP service scans the following database tables on ServiceNow. To enforce best practice, the SaaS Security web interface does not allow you to add or remove database tables from scans: SaaS administrators need to consult with the database administrator before adding or removing tables from scans. After consulting with your database administrator, contact Palo Alto Networks Customer Support to manually add or remove a table.
If ServiceNow does not expose a given database table, the DLP service can't scan it.
change_phase
change_request
change_request_imac
change_task
cmdb
incident
incident_task
kb_knowledge
kb_submission
problem
problem_task
release_phase
release_task
task
ticket
sc_req_item
sc_request
sc_task
sn_hr_core_beneficiary
sn_hr_core_benefit
sn_hr_core_benefit_provider
sn_hr_core_benefit_type
sn_hr_core_bonus
sn_hr_core_case
sn_hr_core_case_operations
sn_hr_core_case_payroll
sn_hr_core_case_relations
sn_hr_core_case_talent_management
sn_hr_core_case_total_rewards
sn_hr_core_case_workforce_admin
sn_hr_core_direct_deposit
sn_hr_core_op_report
sn_hr_core_op_report_frequency
sn_hr_core_op_report_type
sn_hr_core_op_system
sn_hr_core_op_system_to_report_type
sn_hr_core_profile_bank_account
sn_hr_core_retirement_benefit
sn_hr_core_task
sn_hr_core_tuition_reimbursement
sn_si_incident
sn_si_request
sn_si_task
sysapproval_group
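
A preflight check for two conditions this page relies on (an account with sufficient privileges, and tables that ServiceNow actually exposes), as an added example that is not Palo Alto Networks or ServiceNow code: it requests one row per table through the ServiceNow Table API and reports the tables an integration account cannot read. The bearer token, the four-table subset, the constructed status codes, and the reading of any non-200 status as "not scannable" are assumptions.

```python
import urllib.error
import urllib.request

# Subset of the tables listed on this page; add the rest as needed.
DLP_TABLES = ["incident", "kb_knowledge", "sn_hr_core_case", "sn_si_incident"]

# Assumed mapping: anything other than 200 is treated as not scannable.
STATES = {200: "readable", 401: "auth_failed", 403: "forbidden"}


def http_status(instance_url, table, token, timeout=10):
    """Ask the Table API for a single row and return the HTTP status code."""
    url = f"{instance_url.rstrip('/')}/api/now/table/{table}?sysparm_limit=1"
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/json",
    })
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses arrive as exceptions


def classify(status):
    """Map an HTTP status to a coarse readability state."""
    return STATES.get(status, "not_exposed_or_error")


def preflight(instance_url, token, tables=DLP_TABLES, fetch=http_status):
    """Return {table: state}; refuses to send the token over plain HTTP."""
    if not instance_url.lower().startswith("https://"):
        raise ValueError("instance URL must use https")
    return {t: classify(fetch(instance_url, t, token)) for t in tables}


def unscannable(report):
    """Tables the account could not read, sorted for stable output."""
    return sorted(t for t, state in report.items() if state != "readable")


if __name__ == "__main__":
    # Constructed status codes standing in for a live instance.
    fake = {"incident": 200, "kb_knowledge": 200,
            "sn_hr_core_case": 403, "sn_si_incident": 400}
    rep = preflight("https://acmecorp.service-now.com/", "PLACEHOLDER_TOKEN",
                    fetch=lambda url, table, token: fake[table])
    print(rep, unscannable(rep))
```

Against a live instance, call `preflight()` without the `fetch` argument and pass an OAuth access token issued to the dedicated integration account.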
