Set up ServiceNow for Integration
Set up ServiceNow for integration with IoT Security through IoT Security.

The following are prerequisites for setting up ServiceNow for integration with IoT Security:

- A configured ServiceNow instance with administrative access
- A ServiceNow user account that XSOAR will use to form a secure connection with the ServiceNow instance and send it device attributes, security alerts, and vulnerabilities
- Your ServiceNow URL

When configuring the ServiceNow instance on XSOAR, you will be prompted to enter the username and password of the ServiceNow user account and the ServiceNow URL.

On your ServiceNow instance, you must set up one or two tables, depending on which method you use to map device attributes from IoT Security to ServiceNow.

- If you map device attributes into a ServiceNow table, you need two tables: one to receive device records and another to receive incidents from IoT Security. For ServiceNow to receive device records, you can either modify an existing table or create a new one. For ServiceNow to receive security incidents, you must create a new table.
- If you map device types, categories, or profiles from IoT Security to ServiceNow classes, then you only need to create a new table to receive security incidents.

ServiceNow configuration instructions are based on New York build, 11-04-2020_1502 and Tokyo build, 12-11-2023_2153.

1. (Mapping method: Use ServiceNow Classes) Add support for the Purdue levels to which OT devices are assigned.

   If you want to use the ServiceNow IoT Device table as the mapping method, skip this step and proceed to step 2.

   This mapping method, using ServiceNow classes, focuses on OT devices, and all but one of the OT device attributes that IoT Security sends ServiceNow are predefined in the ServiceNow Configuration Item class. The one attribute for OT devices that must be added is for Purdue Level assignments.

   Because ServiceNow classes use an inheritance system, child classes inherit attributes added to their parent classes. Therefore, when you add PANW Purdue Level as a device attribute to the Configuration Item class, it's listed as Added there, and it's listed as Derived in the Hardware class, which is a child class of Configuration Item and inherits all its attributes. The following steps describe how to add the attribute to the Configuration Item class.

   It's possible to use the class mapping method to map attributes for other device types such as IoT and IT devices. However, you might need to configure additional attributes for them in ServiceNow and you must modify XSOAR integration jobs for ServiceNow to include a mapping of their device type, category, or profile in IoT Security to the appropriate class in ServiceNow. In this configuration step, it's assumed that you are only interested in having IoT Security send ServiceNow OT device attributes.

   1. Select All at the top of the ServiceNow page, enter ci class in the Filter navigator field, and then select CI Class Manager > Hierarchy.
   2. Select Configuration Item > Attributes > Added and then double-click Insert a new row.
   3. Enter PANW Purdue Level as the Column label and then click the green check mark. ServiceNow automatically creates u_panw_purdue_level as the entry in the Column name field to indicate it's a user-defined attribute.
   4. Leave the other settings for Type, Max length, and so on at their default values and Save.

2. (Mapping method: Use ServiceNow IoT Device Table) Create or edit a ServiceNow table for receiving device records from IoT Security.

   If you are creating a new table, do step 2.1. If you are editing an existing table, go to step 2.2. If you are using ServiceNow classes instead of the IoT device table as the mapping method, skip this step.

   1. To create a table in ServiceNow for receiving device records from IoT Security, filter the navigation menu by entering System Definition in the Filter navigator field, click Tables > New, and then enter the following:

      - Label: Zingbox discovered devices
      - Name: The name field autofills, automatically prepending u_, converting any uppercase characters to lowercase, and converting spaces and dashes to underscores to connect words. It automatically converts Zingbox discovered devices in the Label field to u_zingbox_discovered_devices in the Name field.
      - Extends table: Your new table must extend the Configuration Item. Search for Configuration Item and choose it from the list.

      Zingbox discovered devices is the default label and u_zingbox_discovered_devices is the default name to which IoT Security sends device records. If you use any other table with a different label, you must change the ServiceNow Discovered IoT Device Table Name in the two IoT Security jobs that send device records to this table: PANW IoT Bulk Export To Servicenow and PANW IoT ServiceNow Integration. For example, if you enter IoT Security discovered devices for the label in ServiceNow, which automatically generates u_iot_security_discovered_devices as the table name, then enter u_iot_security_discovered_devices in the two ServiceNow jobs in IoT Security.

   2. Add the following custom column labels to the table so that ServiceNow can receive inventory updates from IoT Security and populate these table columns with data:

      - category
      - profile
      - iot_tag
      - iot_vendor
      - iot_model
      - iot_os
      - iot_ssid
      - iot_site
      - iot_vlan
      - iot_wired_wireless
      - os_support

      These are the default column labels. If you use another cmdb device table with different column labels, you must change the corresponding default values in the two IoT Security jobs that send data to this table. The column labels are case sensitive. For example, category is different from Category.

   3. When done, click Submit.
   4. After adding the custom column labels, the table will consist of predefined and custom columns. To display a smaller set of relevant columns, click the Zingbox discovered devices label on the Tables page, scroll down past the table and click Show List in the Related Links section, and then click the Personalize List icon. Use the left and right arrows to move column labels so that only the ones you want to see are in the Selected pane and then click OK.

3. Create a ServiceNow table for receiving security incidents from IoT Security.

   1. From the ServiceNow Tables page, click New and enter the following:

      - Label: Enter Zingbox alerts vulnerability incident.
      - Name: The name field autofills, automatically prepending u_, converting any uppercase characters to lowercase, and converting spaces and dashes to underscores to connect words. It converts Zingbox alerts vulnerability incident in the Label field to u_zingbox_alerts_vulnerability_incident in the Name field.
      - Extends table: Your new table must extend the Task configuration item. Choose Task from the list.

   2. When done, click Submit.

4. Add custom table columns to the table.

   1. Return to the table configuration page to edit it.

      The table consists of a set of predefined table columns. You will add two custom column labels to let ServiceNow receive comments from IoT Security about security incidents and provide links to the Security Alert Details and Vulnerability Details pages.

   2. Click New at the top of the table on the Columns tab. In the Dictionary Entry form that appears, enter the following and then click Submit:

      - Type: String
      - Column label: Comments
      - Column name: u_comments (automatically fills based on the label)
      - Max length: 4,000 (characters)

   3. To add the next column label, click New again, enter the following, and click Submit:

      - Type: URL
      - Column label: Security incident
      - Column name: u_security_incident (automatically fills)

   4. Because ServiceNow displays a large set of columns, it's useful to reduce the number to those of interest. To do this, click the Zingbox alerts vulnerability incident label on the Tables page, scroll down past the table and click Show List in the Related Links section, and then click the Update Personalized List icon. Use the left and right arrows to move column labels so that only the following are in the Selected pane and then click OK.

5. Create a ServiceNow user account for XSOAR to use when connecting to ServiceNow and sending it device attributes, alerts, and vulnerabilities.

   1. Navigate to System Security > Users, click New, enter a user ID and password, and make sure the Password needs reset check box is cleared. Leave the other fields empty and click Submit.

      Remember the user ID and password because you will enter these later when configuring the ServiceNow instance in XSOAR.

   2. On the Users page, click the user ID of the account you just created to return to the account settings.
   3. To add roles to the user account, scroll down the page, click the Roles tab, and then click Edit. Search for the following four roles one by one and add them to the Roles List:

      - rest_api_explorer (This is required so that IoT Security can connect to ServiceNow through its API.)
      - u_zingbox_alerts_vulnerability_incident_user
      - u_zingbox_discovered_devices_user
      - web_service_admin

      If you use an existing device table whose label is not “Zingbox discovered devices”, the third role shown above will be a different name.

   4. Click Save to add the roles to the user account.
   5. On the user account settings page, click Update to save the updated settings.

This completes the ServiceNow setup.
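
The following is an added example, not part of the original documentation or of any Palo Alto Networks or ServiceNow tooling: a small offline check that derives the expected table and role names from the labels used above, then compares them with the roles and column labels actually present, reporting missing items, case mismatches, and roles beyond the four listed. The function names, the `<table name>_user` role pattern (inferred from the two default role names), and the sample data are assumptions made for illustration.

```python
import re

# Default column labels and fixed roles taken from the steps above.
DEVICE_COLUMNS = ["category", "profile", "iot_tag", "iot_vendor", "iot_model",
                  "iot_os", "iot_ssid", "iot_site", "iot_vlan",
                  "iot_wired_wireless", "os_support"]
FIXED_ROLES = {"rest_api_explorer", "web_service_admin"}


def table_name(label):
    """Autofill rule as the page describes it: u_ prefix, lowercase, spaces and dashes to underscores."""
    return "u_" + re.sub(r"[ -]", "_", label.strip().lower())


def expected_roles(device_label, incident_label):
    """Assumption: each table's role is its name plus _user, as in the two defaults."""
    return FIXED_ROLES | {table_name(device_label) + "_user",
                          table_name(incident_label) + "_user"}


def audit_account(assigned_roles, device_label, incident_label):
    """Return (missing, extra) roles relative to the four roles the procedure lists."""
    want = expected_roles(device_label, incident_label)
    have = set(assigned_roles)
    return sorted(want - have), sorted(have - want)


def audit_columns(actual_labels):
    """Case-sensitive label check; returns (missing, [(expected, found)] case mismatches)."""
    by_lower = {c.lower(): c for c in actual_labels}
    missing, wrong_case = [], []
    for col in DEVICE_COLUMNS:
        if col in actual_labels:
            continue
        if col in by_lower:
            wrong_case.append((col, by_lower[col]))
        else:
            missing.append(col)
    return missing, wrong_case


# Constructed sample data, as an administrator might copy it from the instance.
SAMPLE_ROLES = ["rest_api_explorer", "web_service_admin",
                "u_zingbox_discovered_devices_user", "admin"]
SAMPLE_LABELS = ["Category", "profile", "iot_tag", "iot_vendor", "iot_model",
                 "iot_os", "iot_ssid", "iot_site", "iot_vlan", "os_support"]

if __name__ == "__main__":
    print(audit_account(SAMPLE_ROLES, "Zingbox discovered devices",
                        "Zingbox alerts vulnerability incident"))
    print(audit_columns(SAMPLE_LABELS))
```

With the constructed sample, the account check reports the missing incident-table role and the extra `admin` role, and the column check reports `iot_wired_wireless` as missing and `Category` as a case mismatch for `category`.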