ServiceNow is a workflow management platform. It offers a number of security operations applications. You can configure Prisma Cloud to route alerts to ServiceNow’s Vulnerability Response application.
To integrate Prisma Cloud with ServiceNow, you’ll need to create a ServiceNow endpoint to consume findings from the Prisma Cloud scanner. The endpoint is created using ServiceNow’s Scripted REST API mechanism.
Each vulnerability found by the Prisma Cloud scanner is mapped to a ServiceNow vulnerable item. Scanner data is mapped to vulnerable items as follows:
Vulnerable items contain all CVEs reported by the Prisma Cloud scanner only if the corresponding CVEs also exist in ServiceNow’s vuln DB. If a CVE doesn’t exist in ServiceNow, the
Vulnerability (Reference)field won’t list it.
ServiceNow vulnerablity item field
Prisma Cloud scanner data
The scanner that found this vulnerable item.
Prisma Cloud Compute
ID of the vulnerability associated with this vulnerable item.
Reference to CVE ID (if exists in ServiceNow’s vulnerabilities DB)
This field defaults to Open, but you can change it to Under Investigation if the vulnerability is ready for immediate remediation.
Open (automatically set by ServiceNow)
Group selected to work on this vulnerability group.
Assignment group set in the alert profile
Individual from the selected assignment group that works on this vulnerability.
Assignee set in the alert profile
The date this vulnerable item was created in your instance.
Creation date of the vulnerable item (automatically set by ServiceNow)
Any relevant information.