Begin Scanning a ServiceNow App
Learn how to add a ServiceNow app so that SaaS Security API can protect your assets against data exfiltration and malware propagation.
To connect ServiceNow to SaaS Security API and begin scanning files and folders, you need to:
- Ensure that you have a ServiceNow account with sufficient privileges.
- Grant SaaS Security API access to ServiceNow.
- Add the ServiceNow app to SaaS Security API, providing SaaS Security API information about your ServiceNow.
For information on which automated remediation capabilities SaaS Security API supports with ServiceNow, refer to Supported Content, Remediation and Monitoring.
Add ServiceNow App
In order for SaaS Security API to scan assets, you must consent to specific permissions during the course of adding the ServiceNow app. Without the requested permissions, SaaS Security API cannot authenticate with ServiceNow and cannot scan assets, even after you successfully install the ServiceNow app.
- (Recommended) Add your ServiceNow app domain as an internal domain.
- Register SaaS Security API in the ServiceNow management console.
- Log in to the ServiceNow management console as admin.
- Select System OAuth > Application Registry.
- Select New > Create an OAuth API endpoint for external clients.
- Enter a unique Name for SaaS Security API.
- If you are using the Istanbul (or higher) release, enter a Redirect URI/URL. The redirect you enter depends on the SaaS Security API location:
  - For North America, use: https://app.aperture.paloaltonetworks.com/auth/servicenow/callback
  - For Europe, use: https://app.aperture-eu.paloaltonetworks.com/auth/servicenow/callback
  - For Asia-Pacific, use: https://app.aperture-apac.paloaltonetworks.com/auth/servicenow/callback
- Submit your changes.
- Add the ServiceNow app on SaaS Security API.
- From the Dashboard, click Add a Cloud App, and select ServiceNow.
- Select one of the following:
- Connect to ServiceNow Account—Select this option if you’re using an earlier release of ServiceNow (Fuji, Geneva, or Helsinki).
- Istanbul or higher—Select this option if you are using the ServiceNow Istanbul (or higher) release.
- Log in to the ServiceNow app.
You can copy the client ID and client secret from the System OAuth > Application Registry page in the ServiceNow management console.
- For Istanbul or higher, enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret.
- For earlier releases (Fuji, Geneva, or Helsinki), enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret. Also, enter the Username and Password for your ServiceNow account.
- Allow SaaS Security API access to the ServiceNow account.
- Next Step: Proceed to Customize ServiceNow App.
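An added example, not part of the original documentation or any Palo Alto Networks code: a check that the Redirect URL value copied from the Application Registry entry contains exactly the documented callback for your region and nothing else. The function name, the comma-separated format of the field, and the look-alike host in the sample are assumptions of this example.

```python
from urllib.parse import urlsplit

# Callback URLs exactly as listed in the registration step above.
CALLBACKS = {
    "North America": "https://app.aperture.paloaltonetworks.com/auth/servicenow/callback",
    "Europe": "https://app.aperture-eu.paloaltonetworks.com/auth/servicenow/callback",
    "Asia-Pacific": "https://app.aperture-apac.paloaltonetworks.com/auth/servicenow/callback",
}


def audit_redirects(region, redirect_field):
    """Return findings for the Redirect URL value copied from the registry entry.

    Assumption of this example: several URLs, if present, are comma-separated.
    """
    expected = CALLBACKS[region]
    entries = [e.strip() for e in redirect_field.split(",") if e.strip()]
    if not entries:
        return ["no redirect URL registered"]
    findings = []
    for entry in entries:
        if entry == expected:
            continue  # exact string match only; no prefix or wildcard matching
        parts = urlsplit(entry)
        other = [r for r, u in CALLBACKS.items() if u == entry]
        if other:
            findings.append(f"{entry}: callback for {other[0]}, not {region}")
        elif parts.scheme != "https":
            findings.append(f"{entry}: scheme is not https")
        elif parts.hostname != urlsplit(expected).hostname:
            findings.append(f"{entry}: unexpected host {parts.hostname}")
        else:
            findings.append(f"{entry}: differs from the documented callback")
    if expected not in entries:
        findings.append(f"missing documented callback for {region}")
    return findings


if __name__ == "__main__":
    # Constructed sample: correct Europe callback plus a look-alike host.
    sample = (CALLBACKS["Europe"]
              + ", https://app.aperture-eu.paloaltonetworks.com.example.net/auth/servicenow/callback")
    for finding in audit_redirects("Europe", sample):
        print(finding)
```

An empty result means the entry holds only the documented callback; any extra or near-miss URL is reported so it can be removed from the registry entry.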
Customizations include modifying the ServiceNow app name.
- (Optional) Give a descriptive name to this app instance.
- Go to Settings and select the ServiceNow instance listed.
- Enter a descriptive Name to differentiate this instance of ServiceNow from other instances.
- (Recommended) Enter an Admin UserName (for example, email@example.com). As a best practice, create a separate administrator account and use that email address for SaaS Security API. If you opt to use an existing admin account instead of a new account, the administrator activities are not tracked on SaaS Security API. Creating a separate account enables you to monitor events generated by ServiceNow administrators on Explore > Activities.
- Click Done to save your changes.
- Next Step: Proceed to Identify Risks.
When you add a new cloud app, then enable scanning, SaaS Security API automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
- Start scanning the new ServiceNow app for risks.
- During the discovery phase, as SaaS Security API scans files and matches them against enabled policy rules, verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, proceed to the next step to improve your results.
- (Optional) Modify match criteria for existing policy rules.
- (Optional) Configure or edit a data pattern.
Tables Scanned by DLP
The DLP service scans the following database tables on ServiceNow. To enforce best practice, the SaaS Security web interface does not allow you to add or remove database tables from scans: SaaS administrators need to consult with the Database Administrator prior to adding or removing tables from scans. After consulting with your Database Administrator, contact Palo Alto Networks Customer Support to manually add or remove a table.
If ServiceNow does not expose a given database table, the DLP service cannot scan it.