Authentication

This provider requires authentication.

  • service_now_base_url: The base URL of the ServiceNow instance (required: True, sensitive: False)
  • username: The username of the ServiceNow user (required: True, sensitive: False)
  • password: The password of the ServiceNow user (required: True, sensitive: True)
  • client_id: The client ID to use OAuth 2.0 based authentication (required: False, sensitive: False)
  • client_secret: The client secret to use OAuth 2.0 based authentication (required: False, sensitive: True)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

  • itil: The user can read/write tickets from the table (mandatory) (Documentation)

In workflows

This provider can be used in workflows.

As “step” to query data, example:

steps:
    - name: Query servicenow
      provider: servicenow
      config: "{{ provider.my_provider_name }}"
      with:
        table_name: {value}  # The name of the table to query.
        incident_id: {value}  # The incident ID to query.
        sysparm_limit: {value}  # The maximum number of records to return.
        sysparm_offset: {value}  # The offset to start from.

As “action” to make changes or update data, example:

actions:
    - name: Query servicenow
      provider: servicenow
      config: "{{ provider.my_provider_name }}"
      with:
        table_name: {value}  # The name of the table to create the ticket in.
        payload: {value}  # The ticket payload.
        ticket_id: {value}  # The ticket ID (optional to update a ticket).
        fingerprint: {value}  # The fingerprint of the ticket (optional to update a ticket).

Check the following workflow examples:

Topology

This provider pulls topology to Keep. It could be used in correlations and mapping, and as a context for alerts and incidents.

Connecting with the Provider

  1. Ensure that the ServiceNow instance is accessible via API.
  2. Provide the necessary API credentials (instance_url and api_token) in the provider configuration.

Additional

  • KEEP_SERVICENOW_PROVIDER_SKIP_SCOPE_VALIDATION envirnomental variable in the backend allows to bypass scope validation.