Strata Cloud Manager
Integrate ServiceNow with Strata Cloud Manager
Learn how to integrate ServiceNow with Strata Cloud Manager.
Strata Cloud Manager supports ServiceNow, an incident management platform that
provides a common framework for managing incidents and notifying you about incidents
through ServiceNow tickets. Any incident that Strata Cloud Manager creates will
automatically create a ticket on ServiceNow. When Strata Cloud Manager scans your
environment and detects a problem, it generates an incident and pushes it to ServiceNow
as a ticket. Then, when you dismiss an incident, Strata Cloud Manager sends a state
change notification to update the ticket status on ServiceNow.
ServiceNow has two types of integration: bidirectional and unidirectional. In a
bidirectional integration, you push data to ServiceNow and also get data from
ServiceNow. In a unidirectional integration, you only push data to
ServiceNow.
Before You Proceed with ServiceNow Integration
ServiceNow integration might require cross-border data transfers. If your
ServiceNow instance, your Strata Cloud Manager instance, or your Strata Cloud
Manager interface users are located in multiple countries, you need to consent to
and authorize any cross-border transfers of data.
Bidirectional Integration in ServiceNow
Bidirectional integration uses four fields under ServiceNow Mapped
Field, three of which are mandatory if you opt for bidirectional integration.
- ServiceNow Ticket ID—Mandatory
- ServiceNow Operational Status—Mandatory
- ServiceNow Priority—Mandatory
- ServiceNow Assigned To—Optional. This field could have information such as name or email address.
ServiceNow Schema
Your ServiceNow records include the same structured incident metadata available in
webhooks, ensuring that automation workflows built on either channel receive
consistent data. Strata Cloud Manager provides these fields, but it only sends
fields that you have mapped in ServiceNow. See Configure OAuth for ServiceNow Integration with Strata Cloud Manager.
Here are the fields for ServiceNow mapping:
| Field | Description |
|---|---|
| Incident ID | Unique incident ID. |
| Title | Title of the incident. |
| Severity | Incident severity, such as High, Medium, Low, Critical, Warning, and Informational. |
| Status | Incident status. Valid values are Raised, Cleared, RaisedChild, and ClearPending. |
| Raised Time | Time the incident was raised in the UTC format. |
| Last Updated Time | Time the incident was updated in the UTC format. |
| Tenant Name | Tenant Service Group (TSG) name. |
| Code | Unique code. It is in a flat namespace; for example, INC_CIE_AGENT_DISCONNECT. |
| Category | Category, such as RN (remote networks) or SC (service connection). |
| Subcategory | Subcategory |
| Incident Details URL | URL link to the incident details page in Strata Cloud Manager. |
| Primary Impacted Objects | Primary impacted entity or entities associated with the incident. Each object contains key-value pairs identifying the impacted resource. |
| Related Objects | Additional impacted entities related to the incident. Provides supplementary context beyond the primary impacted objects. |
| Description | Description of the incident. |
| Product | Product associated with the incident, such as NGFW, Prisma Access, or Posture. |
| Clear Reason | Reason for clearing the incident. |
| Correlated Alerts | Alerts related to the incident. Each alert contains the alert_id and title. |
| Parent Incidents | Parent incidents associated with the current incident. Each object contains the incident_id. |
| Child Incidents | Child incidents associated with the current incident. Each object contains the incident_id. |
| TSG ID | Tenant ID. |
| Custom Field | Static name-value pairs for custom ServiceNow fields. Allows setting static values for custom ServiceNow table columns, used to populate customer-specific or business-specific ServiceNow fields with constant values. |
| Subtenant ID | Subtenant ID. |
| Cleared Time | Time the incident was cleared in the UTC format. |
Configure OAuth for ServiceNow Integration with Strata Cloud Manager
OAuth authentication provides a secure, industry-standard method for Strata
Cloud Manager to connect to ServiceNow instances without requiring the transmission
or storage of user credentials. This authentication framework enables your
organization to maintain strict security controls while automating incident
management workflows between your Palo Alto Networks platform and ServiceNow.
When you configure OAuth authentication for ServiceNow notifications, the
system establishes trust through a token-based mechanism rather than traditional
username and password combinations. This approach significantly enhances security by
eliminating the need to store sensitive user credentials within notification
profiles. OAuth tokens have defined lifespans and can be revoked centrally through
ServiceNow, providing administrators with granular control over system access.
Before implementing OAuth authentication, you must configure an OAuth
application profile in the ServiceNow instance that defines the authentication
parameters and permissions. This profile establishes the client credentials and
specifies which API endpoints Strata Cloud Manager can access within your ServiceNow
environment. The OAuth application profile also determines token expiration settings
and any scope limitations that govern system interactions.
When configuring your ServiceNow integration on the Strata Cloud Manager
Notification Rule, you need the following:
- Configured ServiceNow instance with administrative access
- ServiceNow username and password with web access and specific roles to create incidents or query various tables
- Client ID and Password created under Application Registry in order to authorize Strata Cloud Manager to access your ServiceNow Instance
- URL of your ServiceNow instance
Your ServiceNow instance should also have an Incident table for Strata
Cloud Manager to send incidents to, and Assignment Groups with Assignees so that
these alerts can be raised to specific people.
- Creating a ServiceNow REST User. Create a new ServiceNow User with specific roles to read and write to the various tables needed for the integration.
  - To create a user in ServiceNow, navigate to Users under Security > Users and Groups.
  - Enter all the required details, check the Web service access only check box, and submit your changes.
  - Search for the newly created user. Select the Roles tab in the table at the bottom of the page and click Edit. You will need to give the user permissions for the following three roles: itil, sn_incident_read, and sn_incident_write. Save your changes.
  - Click Set Password on the User page. In the pop-up window, click Generate and Save Password. Make sure to copy the password to a secure location along with the User ID. This information will be used to populate the ServiceNow User credentials in Strata Cloud Manager.
- Create a table and add the columns.
  - Navigate to All > System Definition > Tables & Columns.
  - Click Create Table.
  - Enter all the required information for the table.
  - Add the columns for the table and Submit.
- Create a Web OAuth client. An OAuth client is required for Strata Cloud Manager to authenticate into your ServiceNow instance.
  - Navigate to All > System OAuth > Application Registry.
  - Create a new entry and select Create an OAuth API endpoint for external clients.
  - Add a Name for the OAuth client and create a Client Secret. The Client Secret can also be left blank if an auto-generated secret is wanted. Click Submit and then navigate back to the Application Registry entry and save both the Client ID and Client Secret. This information will be used under the Client credential forms in Strata Cloud Manager. See Add a ServiceNow Notification Profile.
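A pre-flight check for the credentials this procedure produces, added here as an example and not taken from the Palo Alto Networks documentation. It assumes ServiceNow's standard `/oauth_token.do` password grant and Table API; the function names and the sample response are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a successful token response (not captured from a real instance).
SAMPLE_TOKEN_RESPONSE = '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 1799}'

def base_url(instance_url):
    """Normalise the instance URL and refuse anything that is not HTTPS."""
    parts = urllib.parse.urlsplit(instance_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("ServiceNow instance URL must look like https://<host>")
    return "https://" + parts.netloc

def build_token_request(instance_url, client_id, client_secret, username, password):
    """Password-grant request; every secret travels in the POST body, never in the URL."""
    form = urllib.parse.urlencode({
        "grant_type": "password", "client_id": client_id, "client_secret": client_secret,
        "username": username, "password": password,
    }).encode()
    return urllib.request.Request(base_url(instance_url) + "/oauth_token.do", data=form, method="POST")

def parse_token_response(body):
    """Return (access_token, lifetime_seconds); raise if the grant was refused or malformed."""
    doc = json.loads(body)
    if "error" in doc:
        raise PermissionError(doc["error"] + ": " + str(doc.get("error_description", "")))
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response is not a bearer token")
    return doc["access_token"], int(doc["expires_in"])

def build_incident_probe(instance_url, access_token):
    """Read a single incident number: proves the REST user's roles reach the Incident table."""
    url = base_url(instance_url) + "/api/now/table/incident?sysparm_limit=1&sysparm_fields=number"
    headers = {"Authorization": "Bearer " + access_token, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)

def verify(instance_url, client_id, client_secret, username, password):
    """Live check against your own instance; returns (probe HTTP status, token lifetime)."""
    req = build_token_request(instance_url, client_id, client_secret, username, password)
    with urllib.request.urlopen(req, timeout=15) as resp:
        token, lifetime = parse_token_response(resp.read())
    with urllib.request.urlopen(build_incident_probe(instance_url, token), timeout=15) as resp:
        return resp.status, lifetime
```

Call `verify()` with the instance URL, Client ID, Client Secret, User ID and password saved in the steps above. A returned status of 200 shows the credentials and role assignment work together; an `HTTPError` with 401 or 403 points at the client secret, the password, or the roles.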