To configure ITSM roles, perform the following procedure.

Procedure

  1. Log in to your ServiceNow instance.
  2. Go to the Roles page using the ServiceNow Search menu on the left side of the page.
  3. Find and open the x_vmw_cb_connector.admin role (Carbon Black Cloud Admin).
  4. Scroll down and click the Edit button.
    Note: If the Edit button is not visible, add the scope of the application.
  5. Search for roles to be added.
  6. Select and double-click each role to move it to the Contains Roles List.
  7. To x_vmw_cb_connector.admin, add the following roles:
    • itil
    • itl_admin
    • mid_server - for selecting the MID server to ingest data from the AWS S3 Bucket. Only required if configuring the Data Forwarder.
    • flow_operator
    • workflow_admin
    • n_ti.malicious_attachment_access - to download and view secured attachments
    • sn_ti.observable.write - to view and edit observable records
    Users who have this role will have the following permissions:
    • Install the integration application plugins
    • Create Users
    • Configure the application for REST API approach or Data Forwarder with AWS S3 Bucket approach
    • View Application Logs
    • Manually create an Incident from Alerts
    • Configure automatic creation of an Incident from Alerts
    • Manually close an Alert
    • Close Incidents
    • Perform SOAR actions
    • Bi Directional Sync of Alerts in ServiceNow and Carbon Black Cloud
    • Access Support Contact
  8. Repeat Steps 3-6 to add the following roles to Carbon Black Cloud Analysts (x_vmw_cb_connector.analyst1, x_vmw_cb_connector.analyst2, x_vmw_cb_connector.analyst3):
    • itil
    • itl_admin
    • export_set_scheduler
    • flow_operator
    • workflow_admin
    • n_ti.malicious_attachment_access - to download and view secured attachments
    • sn_ti.observable.write - to view and edit observable records
    Users who have this role will have the following permissions:
    • Access the Application
    • Manually create an Incident from Alerts
    • Manually close an Alert
    • Close Incidents
    • Perform SOAR actions
    • Bi Directional Sync of Alerts in ServiceNow and Carbon Black Cloud
    • Access Support Contact
  9. Repeat Steps 3-6 to add the following roles to Carbon Black Cloud View All (x_vmw_cb_connector.view_all):

    sn_incident_read - grants users with that role the permissions to read all the records; they cannot write or delete records.