How to integrate ServiceNow with VMware Aria Automation for Secure Clouds

Important

This feature is currently in private beta. Reach out to your customer success team if you're interested in trying it out for your organization.

You can use the VMware Aria Automation for Secure Clouds ServiceNow integration to automatically create incidents from security findings in your ServiceNow server, where they can be tracked and resolved according to your existing incident workflow.

Note

The ServiceNow integration remains in active development, and supports only the creation of incidents from findings.

Before you start

To use this integration you must have an existing ServiceNow instance that can connect to VMware Aria Automation for Secure Clouds through basic authentication with a user name and password configured on the instance.

The best practice is to create a dedicated user to receive inbound API requests from the integration as described by the ServiceNow documentation.

The integration sends three request types to the ServiceNow Table API to add and update incidents:

  • POST - To add a new record to the incident table.
  • GET - To retrieve a specific record from the incident table.
  • PUT - To update a record retrieved by a PUT request in the incident table.

The ServiceNow user must have the itil role from the base system roles to receive these API requests. Review the ServiceNow role documentation for directions to assign a role to a user.

Configure integration

Once you have a user set up on your ServiceNow instance with the appropriate permissions you can create the integration in VMware Aria Automation for Secure Clouds.

  1. Log in to VMware Aria Automation for Secure Clouds.

  2. Navigate to Settings > Integrations.

  3. Locate ServiceNow from the integration list, then select Add New.

  4. Enter the following required values:

    • Integration name - Choose a name for your integration.
    • Username - Enter the dedicated user name.
    • Password - Enter the password for your dedicated user.
    • Instance name - Enter the name of your instance. You can find this in your instance URL. For example, if the URL for your instance was https://dev136802.service-now.com/, the instance name would be "dev136802".
    • Fields Template - You can use this field to set pre-defined values for any field in a ServiceNow incident.

  5. Select Next.

  6. Select the Context at which others are able to view and edit this integration. If you're already creating this integration from the context of a specific project, it's set automatically.

  7. Click Test to verify a working connection, then click Save.

If you're unable to test a successful connection to ServiceNow, ensure you've assigned your user the itil role before seeking assistance.

After you've set up the integration, you must create a ServiceNow alert to begin creating incidents from findings.

Incident customization

The Fields Template field holds a JSON-formatted object that is used to populate fields in any incidents upon creation in ServiceNow.

As an example, the Impact and Urgency fields are pre-defined by default when you set up an integration.

{
    "impact": "2",
    "urgency": "2"
}

On a successful test, you can view the incident created in your ServiceNow instance and see the values carried over to the appropriate fields.

image

You can customize the incident template for your integration by changing, removing, or adding more fields from your organizations incident template. Options to override a pre-defined field and add known variables as documented for Jira Cloud are also supported for ServiceNow.

check-circle-line exclamation-circle-line close-line
Scroll to top icon