Integrate ServiceNow with Strata Cloud Manager

Table of Contents

Integrate ServiceNow with Strata Cloud Manager

Learn how to integrate ServiceNow with Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
NGFW, including those funded by Software NGFW Credits Prisma Access	One of the following licenses: AIOps for NGFW Free (use the AIOps for NGFW Free app) or AIOps for NGFW Premium license (use the Strata Cloud Manager app) Prisma Access Strata Cloud Manager Essentials Strata Cloud Manager Pro

Strata Cloud Manager supports ServiceNow, an incident management platform that provides a common framework for managing incidents and notifying you about incidents through ServiceNow tickets. Any incident that Strata Cloud Manager creates will automatically create a ticket on ServiceNow. When Strata Cloud Manager scans your environment and detects a problem, it generates an incident and pushes it to ServiceNow as a ticket. Then, when you dismiss an incident, Strata Cloud Manager sends a state change notification to update the ticket status on ServiceNow.

ServiceNow has two types of integration: Bidirectional and unidirectional. A bidirectional integration means you’re pushing data to ServiceNow as well as getting data from ServiceNow. In a unidirectional integration, you’re only pushing data to ServiceNow.

Before You Proceed with ServiceNow Integration

ServiceNow integration might require cross-border data transfers. If your ServiceNow instance, your Strata Cloud Manager instance, or your Strata Cloud Manager interface users are located in multiple countries, you need to consent to and authorize any cross-border transfers of data.

Bidirectional Integration in ServiceNow

Bidirectional integration has four fields in the ServiceNow Mapped Field, three of which are mandatory if you opt for bidirectional integration.

ServiceNow Ticket ID—Mandatory
ServiceNow Operational Status—Mandatory
ServiceNow Priority—Mandatory
ServiceNow Assigned To—Optional. This field could have information such as name or email address

Configure OAuth for ServiceNow Integration with Strata Cloud Manager

OAuth authentication provides a secure, industry-standard method for Strata Cloud Manager to connect to ServiceNow instances without requiring the transmission or storage of user credentials. This authentication framework enables your organization to maintain strict security controls while automating incident management workflows between your Palo Alto Networks platform and ServiceNow.

When you configure OAuth authentication for ServiceNow notifications, the system establishes trust through a token-based mechanism rather than traditional username and password combinations. This approach significantly enhances security by eliminating the need to store sensitive user credentials within notification profiles. OAuth tokens have defined lifespans and can be revoked centrally through ServiceNow, providing administrators with granular control over system access.

Before implementing OAuth authentication, you must configure an OAuth application profile in the ServiceNow instance that defines the authentication parameters and permissions. This profile establishes the client credentials and specifies which API endpoints Strata Cloud Manager can access within your ServiceNow environment. The OAuth application profile also determines token expiration settings and any scope limitations that govern system interactions.

When configuring your ServiceNow integration on the Strata Cloud Manager Notification Rule, you need the following:

Configured ServiceNow instance with administrative access
ServiceNow username and password with web access and specific roles to create incidents or query various tables
Client ID and Password created under Application Registry in order to authorize Strata Cloud Manager to access your ServiceNow Instance
URL of your ServiceNow instance

Your ServiceNow instance should also have an Incident table for Strata Cloud Manager to send incidents to, and Assignment Groups with Assignees so that these alerts can be raised to specific people.

Creating a ServiceNow Rest User.
Create a new ServiceNow User with specific roles to read and write to the various tables needed for the integration.
1. To create a user in ServiceNow, navigate to Users under Security > Users and Groups.
2. Enter all the required details and check the Web service access only check box and submit your changes.
3. Search for the newly created user. Select the Roles tab in the table at the bottom of the page and click Edit. You will need to give the user permissions for the following three roles: itil, sn_incident_read, and sn_incident_write. Save your changes.
4. Click Set Password on the User page. In the pop-up window, click Generate and Save Password. Make sure to copy the password to a secure location along with the User ID. This information will be used to populate the ServiceNow User credentials in Strata Cloud Manager.
Create a table and add the columns.
1. Navigate to All > System Definition > Tables & Columns.
2. Create Table.
3. Enter all the required information for the table.
4. Add the columns for the table and Submit.
Create a Web OAuth client.
An OAuth client is required for Strata Cloud Manager to authenticate into your ServiceNow instance.
1. Navigate to All > System OAuth > Application Registry.
2. Create a new entry and select Create an OAuth API endpoint for external clients.
3. Add a Name for the OAuth and create a Client Secret. The Client Secret can also be left blank if an auto-generated secret is wanted. Click Submit and then navigate back to the Application Registry entry and save both the Client ID and Client Secret. This information will be used under the Client credential forms in Strata Cloud Manager. See Add a ServiceNow Notification Profile.