ServiceNow can be used to create and manage incidents and alerts.
Pre-requisites to use ServiceNow and DNIF
Outbound access required for connectivity between DNIF Setup and ServiceNow
|Protocol||Source IP||Source Port||Direction||Destination IP||Destination Port|
The above rule assumes that both request and response are enabled.
ServiceNow trigger plugin functions
Details of the function that can be used with the ServiceNow trigger are given in this section.
This function creates an incident on the ServiceNow portal using the necessary incident details.
ServiceNow RESTful API segments use many different input fields. The following must be entered:
- Short Description: A short description of the incident that has been created. This is denoted by the $Name field of the created module.
_fetch * from module limit 1 >>_trigger api servicenow create_incident $Name
The sample ticket created is as below:
The trigger call returns output in the following structure for available data:
|$SNMessageKey||ID of the module for triggering the incident.|
|$SNNode||End point or the affected system as mentioned in the DNIF Artifact.|
|$SNSeverity||Severity of the incident.|
|$SNSource||From where the incident originated, here it is DNIF.|
|$SNType||From which technology the incident originated, here it is SIEM.|
|$SNAdditionalInfo||Information about the DNIF Artifact that is being used to create the incident.|
|$SNSysID||ID of incident in em_event table denoted by sys_id.|
|$SNCreatedOn||Timestamp for creation time of incident.|
Getting started with ServiceNow API and DNIF
Place servicenow.tar.gz in the /var/tmp folder of the host machine.
Log in to your Data Store and Correlator containers and access the DNIF Container via SSH.
Copy the file from /var/tmp on the server to the relevant location using the command below:
cp /var/tmp/servicenow.tar.gz /dnif/<D-Key>/trigger_plugins/
- Move to the ‘/dnif/<D-Key>/trigger_plugins’ folder path.
- Extract the servicenow.tar.gz using the following command:
tar xvzf servicenow.tar.gz -C /dnif/<D-Key>/trigger_plugins
Move to the ‘/dnif/<D-Key>/trigger_plugins/servicenow/’ folder path and open the dnifconfig.yml configuration file.
Replace the <Add_your_*> tags with your ServiceNow credentials:
trigger_plugin:
  SN_USER: <Add_your_servicenow_username>
  SN_PASS: <Add_your_servicenow_password>
  SN_DOMAIN: <Add_your_servicenow_Domain_Name>
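A pre-flight wrapper for the install steps above, as an added example that is not part of DNIF's own tooling: it refuses an archive whose member paths are absolute or contain `..`, restricts dnifconfig.yml (which stores SN_PASS in plain text) to its owner, and reports whether any <Add_your_*> tag is still unreplaced. The function names are hypothetical; pass your real /dnif/<D-Key>/trigger_plugins path as the plugin directory.

```shell
# Added example: function names are hypothetical, not DNIF commands.
# Assumes the archive unpacks to servicenow/dnifconfig.yml, as the steps above describe.

# Read member names on stdin; fail if any is absolute or has a ".." component.
paths_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# List the archive without extracting it and vet every member path.
archive_is_safe() {
    members=$(tar -tzf "$1") || return 2        # unreadable or corrupt archive
    printf '%s\n' "$members" | paths_are_safe
}

# 0 = ready, 1 = placeholder tag left, 2 = file missing, 3 = readable by group/others.
config_is_ready() {
    cfg=$1
    [ -f "$cfg" ] || return 2
    if grep -q '<Add_your_' "$cfg"; then return 1; fi
    perms=$(ls -ld "$cfg" | cut -c5-10)         # group and other permission bits
    [ "$perms" = "------" ] || return 3
}

# Extract only a vetted archive, then lock down the credentials file.
install_plugin() {
    archive=$1 plugin_dir=$2
    archive_is_safe "$archive" || { echo "refusing $archive: unsafe member path" >&2; return 1; }
    tar -xzf "$archive" -C "$plugin_dir" || return 1
    chmod 600 "$plugin_dir/servicenow/dnifconfig.yml"
}
```

Run `install_plugin` in place of the plain `tar` step, then `config_is_ready` on dnifconfig.yml after editing it; a non-zero return tells you which condition failed.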