Skip to main content

Authentication

This provider requires authentication.
  • service_now_base_url: The base URL of the ServiceNow instance (required: True, sensitive: False)
  • username: The username of the ServiceNow user (required: True, sensitive: False)
  • password: The password of the ServiceNow user (required: True, sensitive: True)
  • client_id: The client ID to use OAuth 2.0 based authentication (required: False, sensitive: False)
  • client_secret: The client secret to use OAuth 2.0 based authentication (required: False, sensitive: True)
  • ticket_creation_url: URL for creating new tickets (required: False, sensitive: False)
Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:
  • itil: The user can read/write tickets from the table (mandatory) (Documentation)

In workflows

This provider can be used in workflows. As “step” to query data, example: 
steps:
    - name: Query servicenow
      provider: servicenow
      config: "{{ provider.my_provider_name }}"
      with:
        table_name: {value}  # The name of the table to query.
        incident_id: {value}  # The incident ID to query.
        sysparm_limit: {value}  # The maximum number of records to return.
        sysparm_offset: {value}  # The offset to start from.
As “action” to make changes or update data, example: 
actions:
    - name: Query servicenow
      provider: servicenow
      config: "{{ provider.my_provider_name }}"
      with:
        table_name: {value}  # The name of the table to create the ticket in.
        payload: {value}  # The ticket payload.
        ticket_id: {value}  # The ticket ID (optional to update a ticket).
        fingerprint: {value}  # The fingerprint of the ticket (optional to update a ticket).
Check the following workflow examples:

Topology

This provider pulls topology to Keep. It could be used in correlations and mapping, and as a context for alerts and incidents.

Provider Methods

The provider exposes the following Provider Methods. They are available in the AI Assistant.
  • get_incidents Fetch all incidents from ServiceNow (view, scopes: itil)
  • get_incident_activities Get work notes and comments from a ServiceNow incident (view, scopes: itil)
    • incident_id: The incident number (e.g. INC0010001) or sys_id.
    • limit: Maximum number of activity records to return.
  • add_incident_activity Add a work note or comment to a ServiceNow incident (action, scopes: itil)
    • incident_id: The incident number (e.g. INC0010001) or sys_id.
    • content: The text content to add.
    • activity_type: Either ‘work_notes’ or ‘comments’. Defaults to ‘work_notes’.

Connecting with the Provider

  1. Ensure that the ServiceNow instance is accessible via API.
  2. Provide the necessary API credentials (instance_url and api_token) in the provider configuration.

Additional

  • KEEP_SERVICENOW_PROVIDER_SKIP_SCOPE_VALIDATION envirnomental variable in the backend allows to bypass scope validation.