• 1 Minute to read
  • Contributors
  • Dark
  • PDF


  • Dark
  • PDF


ServiceNow can be used for creation and managing of Incidents and Alerts.

Pre-requisites to use ServiceNow and DNIF

Outbound access required for connectivity between DNIF Setup and ServiceNow

Protocol Source IP Source Port Direction Destination IP Destination Port
TCP DS,CR Any Egress ServiceNow_Domain ServiceNow_PORT

The above rule assumes both request and response in enabled

ServiceNow trigger plugin functions

Details of the function that can be used with the ServiceNow trigger is given in this section.

  • create_incident

This function allows for creating an incident on ServiceNow portal using the necessary incident details.

  • Input

ServiceNow RESTful API segments use many different fields within inputs to be entered

  • Short Description: A short description of the incident that has been created. This is denoted by $Name field of the created module.
  • Example
_fetch * from module limit 1
>>_trigger api servicenow create_incident $Name
  • Output
    The sample ticket created is as below:



The trigger call returns output in the following structure for available data

Fields Description
$SNMessageKey ID of the module for triggering the incident.
$SNNode End point or the affected system as mentioned in the DNIF Artifact.
$SNSeverity Severity of the incident.
$SNSource From where the incident originated, here it is DNIF.
$SNType From which technology the incident originated, here it is SIEM.
$SNAdditionalInfo Information about the DNIF Artifact that is being used to create the incident.
$SNSysID ID of incident in em_event table denoted by sys_id.
$SNCreatedOn Timestamp for creation time of incident.

Getting started with ServiceNow API and DNIF

  • Place the folder servicenow.tar.gz to /var/tmp folder of host machine.

  • Login to your Data Store and Correlator containers and access DNIF Container via SSH

  • Copy the files on the server from location /var/tmp to the relevant location using below commands:

cp /var/tmp/servicenow.tar.gz /dnif/<D-Key>/trigger_plugins/
  • Move to the ‘/dnif/<D-Key>/trigger_plugins’ folder path.
$cd /dnif/<D-Key>/trigger_plugins/
  • Extract the servicenow.tar.gz using the following command:
tar xvzf servicenow.tar.gz -C /dnif/<D-Key>/trigger_plugins
  • Move to the ‘/dnif/<D-Key>/trigger_plugins/servicenow/’ folder path, open dnifconfig.yml configuration file

  • Replace the tags: <Add_your_*> with your ServiceNow credentials

  SN_USER: <Add_your_servicenow_username>
  SN_PASS: <Add_your_servicenow_password>
  SN_DOMAIN: <Add_your_servicenow_Domain_Name>

Was this article helpful?

What's Next