Service Now

​

Authentication

This provider requires authentication.

• service_now_base_url: The base URL of the ServiceNow instance (required: True, sensitive: False)
• username: The username of the ServiceNow user (required: True, sensitive: False)
• password: The password of the ServiceNow user (required: True, sensitive: True)
• client_id: The client ID to use OAuth 2.0 based authentication (required: False, sensitive: False)
• client_secret: The client secret to use OAuth 2.0 based authentication (required: False, sensitive: True)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

• itil: The user can read/write tickets from the table (mandatory) (Documentation)

​

In workflows

This provider can be used in workflows.

As “step” to query data, example:

steps:
    - name: Query servicenow
      provider: servicenow
      config: "{{ provider.my_provider_name }}"
      with:
        table_name: {value}  # The name of the table to query.
        incident_id: {value}  # The incident ID to query.
        sysparm_limit: {value}  # The maximum number of records to return.
        sysparm_offset: {value}  # The offset to start from.

As “action” to make changes or update data, example:

actions:
    - name: Query servicenow
      provider: servicenow
      config: "{{ provider.my_provider_name }}"
      with:
        table_name: {value}  # The name of the table to create the ticket in.
        payload: {value}  # The ticket payload.
        ticket_id: {value}  # The ticket ID (optional to update a ticket).
        fingerprint: {value}  # The fingerprint of the ticket (optional to update a ticket).

Check the following workflow examples:

• blogpost.yml
• clickhouse_multiquery.yml
• create_service_now_ticket_upon_alerts.yml
• update_service_now_tickets_status.yml

​

Topology

This provider pulls topology to Keep. It could be used in correlations and mapping, and as a context for alerts and incidents.

​

Connecting with the Provider

1. Ensure that the ServiceNow instance is accessible via API.
2. Provide the necessary API credentials (instance_url and api_token) in the provider configuration.

​

Additional

• KEEP_SERVICENOW_PROVIDER_SKIP_SCOPE_VALIDATION envirnomental variable in the backend allows to bypass scope validation.

​

Useful Links

• Service Now API documentation