ServiceNow
Integration version: 38.0
Prerequisites
Make sure to grant permissions to the ServiceNow user account that is used in the integration to accomplish the following:
- Access the sys_journal_field table (required for the Add Comment And Wait For Reply action).
- Create, write, and modify the required tables (required for the Create Record, Update Record, and Wait For Field Update actions).
- Update an incident (required for the Close Incidents and Update Incidents actions).
By default, non-admin users cannot access the sys_journal_field table that is used for synchronizing with Google Security Operations SOAR. To access the sys_journal_field table, create a new ACL rule. Creating a new ACL rule requires elevated administrator permissions.
Before configuring the OAuth v2.0 flow, complete the following steps:
Create a new role in ServiceNow and add it to the user account used in integration.
Create a new ACL rule in ServiceNow.
Create a new role
To create a new role in ServiceNow, complete the following steps:
Sign in to ServiceNow as an administrator.
Go to All > User Administration > Roles.
Click New and fill out the form.
As a role name, enter
secops_user.Click Submit.
Create an ACL rule
To create an ACL rule in ServiceNow, complete the following steps:
Sign in to ServiceNow as an administrator.
To configure ACL rules, elevate your role privileges within ServiceNow to the
security_adminrole.Go to All > System Security > Access Control (ACL).
Select the sys_journal_field table.
In the Requires role field, enter
secops_user.After completing the form, click the form header.
Click Save.
Assign a new role to the user
To assign the role you created to the user account used in the integration, complete the following steps:
In ServiceNow, Go to All > User Administration > Users.
Select the user that you use in the integration.
Go to Roles > Edit.
Select the
secops_userrole and click Add.Click Save.
Enable OAuth 2.0 authentication
To enable OAuth 2.0 authentication for the integration, complete the following steps:
Configure OAuth 2.0 in ServiceNow.
Configure initial integration parameters.
Generate a refresh token:
Simulate a case in Google Security Operations.
Run the Get Oauth Token action.
Configure the refresh token for integration.
Configure OAuth 2.0 in ServiceNow
In ServiceNow, go to System Definition > Plugins.
Activate the OAuth 2.0 plugin.
Set the com.snc.platform.security.oauth.is.active system property to
True.Go to System OAuth > Application Registry.
Click New and select Create an OAuth API endpoint for external clients.
Save the client_id and client_secret values to use them in the integration.
Configure initial integration parameters
In Google Security Operations, go to Response > Integrations Setup.
Optional: Select your environment.
In the Search field, enter
ServiceNow.Click settings Configure Instance.
Configure the Username, Password, Client ID, and Client Secret integration parameters.
Click Save.
Generate a refresh token
Generating a refresh token requires running manual actions on an existing case. If your Google Security Operations instance is new and has no existing cases, simulate one.
Simulate case
To simulate a case in Google Security Operations, follow these steps:
In the side navigation, select Cases.
On the Cases page, click add Add > Simulate Cases.
Select any of the default cases and click Create. It doesn't matter what case you choose to simulate.
Click Simulate.
If you have an environment other than default and would like to use it, select the correct environment and click Simulate.
In the Cases tab, click Refresh. The case that you have simulated appears in the case list.
Run the Get Oauth Token action
Use the Google Security Operations case you've simulated to run the Get Oauth Token action manually.
In the Cases tab, select your simulated case to open a Case View.
Click Manual Action.
In the Manual Action Search field, type in
ServiceNow.In the results under the ServiceNow integration, select Get Oauth Token.
Click Execute.
After the action is executed, navigate to the Case Wall of your simulated case. In the ServiceNow_Get Oauth Token action record, click View More.
In the JSON Result section, copy the refresh_token value.
Configure the refresh token for integration
In Google Security Operations, go to Response > Integrations Setup.
From the integrations list, select ServiceNow.
Click settings Configure Instance.
In the Refresh Token field, paste the refresh_token value you've copied from the JSON result in the previous section.
Delete the Username and Password parameter values.
Select Use Oauth Authentication.
Click Save.
Click Test.
Integrate ServiceNow with Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration inputs
To configure the integration, use the following parameters:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
| Description | String | N/A | No | Description of the Instance. |
| Api Root | String | https://INSTANCE.service-now.com/api/now/v1/
|
Yes | API root of the ServiceNow instance. |
| Username | String | N/A | Yes | Username of the ServiceNow account. |
| Password | Password | N/A | Yes | Password of the ServiceNow account. |
| Incident Table | String | incident | No | This parameter is defining what API root ServiceNow integration is going to use for actions that revolve around incidents. By default, the integration uses the "table/incident" path. |
| Verify SSL | Checkbox | Checked | No | If enabled, the integration verifies that the SSL certificate for the connection to the ServiceNow server is valid. |
| Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
| Client ID | String | N/A | No | Client ID of ServiceNow application. Required for OAuth 2.0 authentication. |
| Client Secret | Password | N/A | No | Client Secret of ServiceNow application. Required for OAuth 2.0 authentication. |
| Refresh Token | Password | N/A | No | Refresh token for ServiceNow application. Required for OAuth 2.0 authentication. |
| Use Oauth Authentication | Checkbox | Unchecked | No | If enabled, the integration uses OAuth 2.0 authentication. The "Client ID", "Client Secret" and "Refresh Token" parameters are mandatory. |
You can make changes at a later stage if needed. Once configured, the Instances can be used in Playbooks. For detailed information on configuring and supporting multiple instances, see Supporting multiple instances.
Actions
Add Attachment
Add an attachment to a table record in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Mode | DDL | Add New Attachment | No | Specifies the mode for the action. If If Possible values:
|
| Table Name | String | N/A | Yes | Specify name of the table that contains the record to add the attachment to. |
| Record Sys ID | String | N/A | Yes | Specify sys ID of the record to add the attachment to. |
| File Path | String | N/A | Yes | Specify a comma-separated list of absolute paths to the files that need to be attached. |
Run on
The action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON result
{
"result": {
"size_bytes": "742",
"file_name": "Example.txt",
"sys_mod_count": "0",
"average_image_color": "",
"image_width": "",
"sys_updated_on": "2020-08-16 11:43:39",
"sys_tags": "",
"table_name": "incident",
"sys_id": "2a5d8423db2210104c187b60399619b2",
"image_height": "",
"sys_updated_by": "admin",
"download_link": "https://example.service-now.com/api/now/attachment/2a5d8423db2210104c187b60399619b2/file",
"content_type": "multipart/form-data",
"sys_created_on": "2020-08-16 11:43:39",
"size_compressed": "438",
"compressed": "true",
"state": "pending",
"table_sys_id": "9d385017c611228701d22104cc95c371",
"chunk_size_bytes": "700000",
"hash": "d2acb9fe341654816e00d44bcdaf88ef0733a2838449bba870142626b94871fc",
"sys_created_by": "admin"
}
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If successful for at least one path (is_success=true): "Successfully added the following attachments to the record with Sys ID {1} from table {2} in Service Now: \n {0}".format(file paths, Record Sys ID, Table Name)" If not successful for at least one path, but not all (is_success=true): "Action wasn't able to add the following attachments to the record with Sys ID {1} from table {2} in Service Now: {0}".format(file paths, Record Sys ID, Table Name) If not successful for all paths:
"No attachments were added to the record with Sys ID {1} from table {2} in
Service Now: {0}".format(file paths, Record Sys ID, Table Name) The action should fail and stop a playbook execution:
|
General |
Add Comment
Add a comment to a ServiceNow incident.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Incident Number | String | N/A | Yes | Specify the number of the incident. Format example: |
| Comment | String | N/A | Yes | Specify what comment to add to the incident. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_succeed | True/False | is_succeed:False |
Add Comment and Wait for Reply
Wait for a new comment to be added to the given incident. The action result is the content of the new comments.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Incident Number | String | N/A | Yes | Specify the number of the incident. Format example:
|
| Comment | String | N/A | Yes | Specify what comment to add to the incident. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| new_comment | N/A | N/A |
Add Parent Incident
Add a parent incident for incidents in ServiceNow.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
| Parameters | |
|---|---|
Parent Incident Number |
Required Parent incident number. All incidents in the To configure this parameter,
use the following incident format:
|
Child Incident Numbers |
Required Comma-separated list of numbers related to the incident and used as children for the parent incident. To configure this parameter, use the following incident format:
|
Action outputs
| Action output type | |
|---|---|
| Case wall attachment | N/A |
| Case wall link | N/A |
| Case wall table | N/A |
| Enrichment table | N/A |
| JSON result | Available |
| Script result | Available |
Script result
| Script result name | Value |
|---|---|
| is_success | True or False |
JSON result
{
"result": [
{
"parent": "",
"made_sla": "true",
"caused_by": "",
"watch_list": "",
"upon_reject": "cancel",
"sys_updated_on": "2020-10-20 07:19:11",
"child_incidents": "0",
"hold_reason": "",
"approval_history": "",
"skills": "",
"number": "INC0010009",
"resolved_by": "",
"sys_updated_by": "admin",
"opened_by": {
"link": "https://example.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"user_input": "",
"sys_created_on": "2020-10-20 07:19:11",
"sys_domain": {
"link": "https://example.service-now.com/api/now/table/sys_user_group/global",
"value": "global"
},
"state": "1",
"sys_created_by": "admin",
"knowledge": "false",
"order": "",
"calendar_stc": "",
"closed_at": "",
"cmdb_ci": "",
"delivery_plan": "",
"contract": "",
"impact": "3",
"active": "true",
"work_notes_list": "",
"business_service": "",
"priority": "5",
"sys_domain_path": "/",
"rfc": "",
"time_worked": "",
"expected_start": "",
"opened_at": "2020-10-20 07:18:56",
"business_duration": "",
"group_list": "",
"work_end": "",
"caller_id": {
"link": "https://example.service-now.com/api/now/table/sys_user/f19943d813a81300f2277f176144b031",
"value": "f19943d813a81300f2277f176144b031"
},
"reopened_time": "",
"resolved_at": "",
"approval_set": "",
"subcategory": "",
"work_notes": "",
"short_description": "Assessment : Assessor",
"close_code": "",
"correlation_display": "",
"delivery_task": "",
"work_start": "",
"assignment_group": "",
"additional_assignee_list": "",
"business_stc": "",
"description": "",
"calendar_duration": "",
"close_notes": "",
"notify": "1",
"service_offering": "",
"sys_class_name": "incident",
"closed_by": "",
"follow_up": "",
"parent_incident": {
"link": "https://example.service-now.com/api/now/table/incident/552c48888c033300964f4932b03eb092",
"value": "552c48888c033300964f4932b03eb092"
},
"sys_id": "2a100a1c2fc42010c518532a2799b621",
"contact_type": "",
"reopened_by": "",
"incident_state": "1",
"urgency": "3",
"problem_id": "",
"company": "",
"reassignment_count": "0",
"activity_due": "",
"assigned_to": "",
"severity": "3",
"comments": "",
"approval": "not requested",
"sla_due": "",
"comments_and_work_notes": "",
"due_date": "",
"sys_mod_count": "0",
"reopen_count": "0",
"sys_tags": "",
"escalation": "0",
"upon_approval": "proceed",
"correlation_id": "",
"location": "",
"category": "inquiry"
}
]
}
Case wall
This action provides the following output messages:
| Output message | Message description |
|---|---|
Successfully set
PARENT_INCIDENT_NUMBER as the
"Parent Incident" for the following incidents in ServiceNow:
CHILD_INCIDENT_NUMBERS. |
Action succeeded. |
|
Action failed. Check the spelling. |
Error executing action "Add Parent Incident".
Reason: ERROR_REASON |
Action failed. Check the connection to the server, input parameters, or credentials. |
Close Incident
Close a ServiceNow incident.
This action requires an additional role configured in ServiceNow. To assign the role to the user account used in the integration, complete the following steps:
In ServiceNow, Go to All > User Administration > Users.
Select the user that you use in the integration.
Go to Roles > Edit.
Select the
sn_incident_writerole and click Add.Click Save.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Incident Number | String | N/A | Yes | Specify number of the incident. Format example: |
| Close Reason | String | N/A | Yes | Specify the reason, why incident was closed. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
Create Alert Incident
Create an incident related to a Google Security Operations alert.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Impact | String | 1 | Yes | Specify the impact of the incident. Possible values:
|
| Urgency | String | 1 | Yes | Specify the urgency of the incident. Possible values:
|
| Category | String | N/A | No | Specify the category of the incident. |
| Assignment Group ID | String | N/A | No | Specify the full name of the group that was assigned to the incident. |
| Assigned User ID | String | N/A | No | Specify the full name of the user that was assigned to the incident. |
| Description | String | N/A | No | Specify the description of the incident. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON result
{
"sys_tags": " ",
"user_input": " ",
"calendar_stc": " ",
"subcategory": " ",
"watch_list": " ",
"follow_up": " ",
"made_sla": "true",
"sys_created_by": "admin",
"sla_due": " ",
"number": "INC0010005",
"group_list": " ",
"reassignment_count": "0",
"assigned_to": " ",
"sys_mod_count": "0",
"notify": "1",
"resolved_by": " ",
"upon_reject": "cancel",
"additional_assignee_list": " ",
"category": "inquiry",
"closed_at": " ",
"parent_incident": " ",
"cmdb_ci": " ",
"contact_type": " ",
"impact": "1",
"rfc": " ",
"expected_start": " ",
"knowledge": "false",
"sys_updated_by":
"admin", "caused_by": " ",
"comments": " ",
"closed_by": " ",
"priority": "1",
"state": "1",
"sys_id": "6131d0eb2f311010f170c886f699b61c",
"opened_at": "2020-07-10 05:13:25",
"child_incidents": "0",
"work_notes": " ",
"delivery_task": " ",
"short_description": "4187b92c-7aaa-40ec-a032-833dd5a854e6",
"comments_and_work_notes": " ",
"time_worked": " ",
"upon_approval": "proceed",
"company": " ",
"business_stc": " ",
"correlation_display": " ",
"sys_class_name": "incident",
"delivery_plan": " ",
"escalation": "0",
"description": " ",
"parent": " ",
"close_notes": " ",
"business_duration": " ",
"problem_id": " ",
"sys_updated_on": "2020-07-10 05:13:25",
"approval_history": " ",
"approval_set": " ",
"business_service": " ",
"reopened_by": " ",
"calendar_duration": " ",
"caller_id": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"active": "true",
"approval": "not requested",
"service_offering": " ",
"sys_domain_path": "/",
"hold_reason": " ",
"activity_due": "2020-07-10 07:13:25",
"severity": "3",
"incident_state": "1",
"resolved_at": " ",
"location": " ",
"due_date": " ",
"work_start": " ",
"work_end": " ",
"work_notes_list": " ",
"sys_created_on": "2020-07-10 05:13:25",
"correlation_id": " ",
"contract": " ",
"reopened_time": " ",
"opened_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"close_code": " ",
"assignment_group": " ",
"sys_domain": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user_group/global",
"value": "global"
},
"order": " ",
"urgency": "1",
"reopen_count": "0"
}
Create Incident
Create a new incident in the ServiceNow system.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Short Description | String | N/A | Yes | Specify a short description of the incident. |
| Impact | String | 1 | Yes | Specify the impact of the incident. Possible values:
|
| Urgency | String | 1 | Yes | Specify the urgency of the incident. Possible values:
|
| Category | String | N/A | No | Specify the category of the incident. |
| Assignment Group ID | String | N/A | No | Specify the full name of the group that was assigned to the incident. |
| Assigned User ID | String | N/A | No | Specify the full name of the user that was assigned to the incident. |
| Description | String | N/A | No | Specify the description of the incident. |
| Custom Fields | CSV | N/A | No | Specify a comma-separated list of fields and values. Format: field_1:value_1,field_2:value_2 |
Run On
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| incident_number | N/A | N/A |
JSON Result
{
"sys_tags": " ",
"user_input": " ",
"calendar_stc": " ",
"subcategory": " ",
"watch_list": " ",
"follow_up": " ",
"made_sla": "true",
"sys_created_by": "admin",
"sla_due": " ",
"number": "INC0010005",
"group_list": " ",
"reassignment_count": "0",
"assigned_to": " ",
"sys_mod_count": "0",
"notify": "1",
"resolved_by": " ",
"upon_reject": "cancel",
"additional_assignee_list": " ",
"category": "inquiry",
"closed_at": " ",
"parent_incident": " ",
"cmdb_ci": " ",
"contact_type": " ",
"impact": "1",
"rfc": " ",
"expected_start": " ",
"knowledge": "false",
"sys_updated_by":
"admin", "caused_by": " ",
"comments": " ",
"closed_by": " ",
"priority": "1",
"state": "1",
"sys_id": "6131d0eb2f311010f170c886f699b61c",
"opened_at": "2020-07-10 05:13:25",
"child_incidents": "0",
"work_notes": " ",
"delivery_task": " ",
"short_description": "4187b92c-7aaa-40ec-a032-833dd5a854e6",
"comments_and_work_notes": " ",
"time_worked": " ",
"upon_approval": "proceed",
"company": " ",
"business_stc": " ",
"correlation_display": " ",
"sys_class_name": "incident",
"delivery_plan": " ",
"escalation": "0",
"description": " ",
"parent": " ",
"close_notes": " ",
"business_duration": " ",
"problem_id": " ",
"sys_updated_on": "2020-07-10 05:13:25",
"approval_history": " ",
"approval_set": " ",
"business_service": " ",
"reopened_by": " ",
"calendar_duration": " ",
"caller_id": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"active": "true",
"approval": "not requested",
"service_offering": " ",
"sys_domain_path": "/",
"hold_reason": " ",
"activity_due": "2020-07-10 07:13:25",
"severity": "3",
"incident_state": "1",
"resolved_at": " ",
"location": " ",
"due_date": " ",
"work_start": " ",
"work_end": " ",
"work_notes_list": " ",
"sys_created_on": "2020-07-10 05:13:25",
"correlation_id": " ",
"contract": " ",
"reopened_time": " ",
"opened_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"close_code": " ",
"assignment_group": " ",
"sys_domain": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user_group/global",
"value": "global"
},
"order": " ",
"urgency": "1",
"reopen_count": "0"
}
Create Record
Create new records in different tables of ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | No | Specify the table that should be used to create a record. |
| Object JSON Data | String | N/A | No | Specify JSON data that is needed to create a record. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| object_sys_id | N/A | N/A |
JSON result
{
"sys_tags": " ",
"user_input": " ",
"calendar_stc": " ",
"subcategory": " ",
"watch_list": " ",
"follow_up": " ",
"made_sla": "true",
"sys_created_by": "admin",
"sla_due": " ",
"number": "INC0010021",
"group_list": " ",
"reassignment_count": "0",
"assigned_to": " ",
"sys_mod_count": "0",
"notify": "1",
"resolved_by": " ",
"upon_reject": "cancel",
"additional_assignee_list": " ",
"category": "inquiry",
"closed_at": " ",
"parent_incident": " ",
"cmdb_ci": " ",
"contact_type": " ",
"impact": "3",
"rfc": " ",
"expected_start": " ",
"knowledge": "false",
"sys_updated_by": "admin",
"caused_by": " ",
"comments": " ",
"closed_by": " ",
"priority": "5",
"state": "1",
"sys_id": "19fcb4672fb11010f170c886f699b612",
"opened_at": "2020-07-10 08:24:34",
"child_incidents": "0",
"work_notes": " ",
"delivery_task": " ",
"short_description": " ",
"comments_and_work_notes": " ",
"time_worked": " ",
"upon_approval": "proceed",
"company": " ",
"business_stc": " ",
"correlation_display": " ",
"sys_class_name": "incident",
"delivery_plan": " ",
"escalation": "0",
"description": " ",
"parent": " ",
"close_notes": " ",
"business_duration": " ",
"problem_id": " ",
"sys_updated_on": "2020-07-10 08:24:34",
"approval_history": " ",
"approval_set": " ",
"business_service": " ",
"reopened_by": " ",
"calendar_duration": " ",
"caller_id": " ",
"active": "true",
"approval": "not requested",
"service_offering": " ",
"sys_domain_path": "/",
"hold_reason": " ",
"activity_due": " ",
"severity": "3",
"incident_state": "1",
"resolved_at": " ",
"location": " ",
"due_date": " ",
"work_start": " ",
"work_end": " ",
"work_notes_list": " ",
"sys_created_on": "2020-07-10 08:24:34",
"correlation_id": " ",
"contract": " ",
"reopened_time": " ",
"opened_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"close_code": " ",
"assignment_group": " ",
"sys_domain": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user_group/global",
"value": "global"
},
"order": " ",
"urgency": "3",
"reopen_count": "0"
}
Download Attachments
Download attachments related to a table record in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify name of the table that contains the record to download attachments from. Example: incident |
| Record Sys ID | String | N/A | Yes | Specify sys ID of the record to download the attachment from. |
| Download Folder Path | String | N/A | Yes | Specify the absolute folder path to store the downloaded attachments. |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON result
{
"result": [
{"absolute_file_path" : ["absolute path to the file"]
"size_bytes": "187",
"file_name": "example.txt",
"sys_mod_count": "1",
"average_image_color": "",
"image_width": "",
"sys_updated_on": "2020-10-19 09:58:39",
"sys_tags": "",
"table_name": "problem",
"sys_id": "181b99c82f002010c518532a2799b60e",
"image_height": "",
"sys_updated_by": "system",
"download_link": "https://example.service-now.com/api/now/attachment/181b99c82f002010c518532a2799b60e/file",
"content_type": "text/plain",
"sys_created_on": "2020-10-19 09:58:38",
"size_compressed": "172",
"compressed": "true",
"state": "available",
"table_sys_id": "57771d002f002010c518532a2799b6cc",
"chunk_size_bytes": "700000",
"hash": "a4fbb8ab71268903845b59724835274ddc66e095de553c5e0c1da8fecd04ee45",
"sys_created_by": "admin"
}
]
}
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If not successful (none of the files were downloaded): "Action
wasn't able to download attachments related to the record with Sys ID {0} from
table {1} in ServiceNow .".format(Record Sys ID, Table Name) The action should fail and stop a playbook execution: If not successful: "Error executing action "Download Attachments". Reason: {0}''.format(error.Stacktrace)
If at least one file already exists and unchecked "Overwrite": "Error executing action "Download Attachments". Reason: the following files already exist: \n {0}. Please delete them or set 'Overwrite' action parameter to true.''.format(error.Stacktrace)" |
General |
Get Child Incident Details
Retrieve information about child incidents based on the parent incident in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Parent Incident Number | String | N/A | Yes | Specify a number of the incident to retrieve child incident details for. Format example: |
| Max Child Incident To Return | Integer | 50 | No | Specify the number of child incidents to return. |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON result
{
"result": [
{
"parent": "",
"made_sla": "true",
"caused_by": "",
"watch_list": "",
"upon_reject": "cancel",
"sys_updated_on": "2020-10-20 07:19:11",
"child_incidents": "0",
"hold_reason": "",
"approval_history": "",
"skills": "",
"number": "INC0010009",
"resolved_by": "",
"sys_updated_by": "admin",
"opened_by": {
"link": "https://example.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"user_input": "",
"sys_created_on": "2020-10-20 07:19:11",
"sys_domain": {
"link": "https://example.service-now.com/api/now/table/sys_user_group/global",
"value": "global"
},
"state": "1",
"sys_created_by": "admin",
"knowledge": "false",
"order": "",
"calendar_stc": "",
"closed_at": "",
"cmdb_ci": "",
"delivery_plan": "",
"contract": "",
"impact": "3",
"active": "true",
"work_notes_list": "",
"business_service": "",
"priority": "5",
"sys_domain_path": "/",
"rfc": "",
"time_worked": "",
"expected_start": "",
"opened_at": "2020-10-20 07:18:56",
"business_duration": "",
"group_list": "",
"work_end": "",
"caller_id": {
"link": "https://example.service-now.com/api/now/table/sys_user/f19943d813a81300f2277f176144b031",
"value": "f19943d813a81300f2277f176144b031"
},
"reopened_time": "",
"resolved_at": "",
"approval_set": "",
"subcategory": "",
"work_notes": "",
"short_description": "Assessment : ATF Assessor",
"close_code": "",
"correlation_display": "",
"delivery_task": "",
"work_start": "",
"assignment_group": "",
"additional_assignee_list": "",
"business_stc": "",
"description": "",
"calendar_duration": "",
"close_notes": "",
"notify": "1",
"service_offering": "",
"sys_class_name": "incident",
"closed_by": "",
"follow_up": "",
"parent_incident": {
"link": "https://example.service-now.com/api/now/table/incident/552c48888c033300964f4932b03eb092",
"value": "552c48888c033300964f4932b03eb092"
},
"sys_id": "2a100a1c2fc42010c518532a2799b621",
"contact_type": "",
"reopened_by": "",
"incident_state": "1",
"urgency": "3",
"problem_id": "",
"company": "",
"reassignment_count": "0",
"activity_due": "",
"assigned_to": "",
"severity": "3",
"comments": "",
"approval": "not requested",
"sla_due": "",
"comments_and_work_notes": "",
"due_date": "",
"sys_mod_count": "0",
"reopen_count": "0",
"sys_tags": "",
"escalation": "0",
"upon_approval": "proceed",
"correlation_id": "",
"location": "",
"category": "inquiry"
}
]
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If no child incidents are found (is_success=false):
"No child incidents were found." The action should fail and stop a playbook execution:
If not successful: "Error executing action "Get Child Incident Details". Reason: {0}''.format(error.Stacktrace) |
General |
| CSV | Table Name: Child Incident Details Table Column:
|
General |
Get Record Details
Retrieve information about specific table records in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify name of the table to search for the record in. Example: incident |
| Record Sys ID | String | N/A | Yes | Specify the record ID to retrieve details for. |
| Fields | String | N/A | No | Specify a comma-separated list of fields that should be returned for that record. If nothing is specified, the action returns the default fields for that record. Example: field_1,field_2 |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON result
{
"result": [
{
"parent": "",
"made_sla": "true",
"caused_by": "",
"watch_list": "",
"upon_reject": "cancel",
"sys_updated_on": "2020-10-20 07:19:11",
"child_incidents": "0",
"hold_reason": "",
"approval_history": "",
"skills": "",
"number": "INC0010009",
"resolved_by": "",
"sys_updated_by": "admin",
"opened_by": {
"link": "https://example.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"user_input": "",
"sys_created_on": "2020-10-20 07:19:11",
"sys_domain": {
"link": "https://example.service-now.com/api/now/table/sys_user_group/global",
"value": "global"
},
"state": "1",
"sys_created_by": "admin",
"knowledge": "false",
"order": "",
"calendar_stc": "",
"closed_at": "",
"cmdb_ci": "",
"delivery_plan": "",
"contract": "",
"impact": "3",
"active": "true",
"work_notes_list": "",
"business_service": "",
"priority": "5",
"sys_domain_path": "/",
"rfc": "",
"time_worked": "",
"expected_start": "",
"opened_at": "2020-10-20 07:18:56",
"business_duration": "",
"group_list": "",
"work_end": "",
"caller_id": {
"link": "https://example.service-now.com/api/now/table/sys_user/f19943d813a81300f2277f176144b031",
"value": "f19943d813a81300f2277f176144b031"
},
"reopened_time": "",
"resolved_at": "",
"approval_set": "",
"subcategory": "",
"work_notes": "",
"short_description": "Assessment : ATF Assessor",
"close_code": "",
"correlation_display": "",
"delivery_task": "",
"work_start": "",
"assignment_group": "",
"additional_assignee_list": "",
"business_stc": "",
"description": "",
"calendar_duration": "",
"close_notes": "",
"notify": "1",
"service_offering": "",
"sys_class_name": "incident",
"closed_by": "",
"follow_up": "",
"parent_incident": {
"link": "https://example.service-now.com/api/now/table/incident/552c48888c033300964f4932b03eb092",
"value": "552c48888c033300964f4932b03eb092"
},
"sys_id": "2a100a1c2fc42010c518532a2799b621",
"contact_type": "",
"reopened_by": "",
"incident_state": "1",
"urgency": "3",
"problem_id": "",
"company": "",
"reassignment_count": "0",
"activity_due": "",
"assigned_to": "",
"severity": "3",
"comments": "",
"approval": "not requested",
"sla_due": "",
"comments_and_work_notes": "",
"due_date": "",
"sys_mod_count": "0",
"reopen_count": "0",
"sys_tags": "",
"escalation": "0",
"upon_approval": "proceed",
"correlation_id": "",
"location": "",
"category": "inquiry"
}
]
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If the 400 status code (is_success=false): "Action
wasn't able to retrieve information about {0} record with Sys ID {1} in
ServiceNow. Reason: {2}.".format(table name, Record Sys ID, error/message) The action should fail and stop a playbook execution: If a critical error is reported: "Error executing action "Get Record Details". Reason:{0}''.format(error.Stacktrace) |
General |
Get Incident
Retrieve information about a ServiceNow incident.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Incident Number | String | N/A | Yes | Specify number of the incident. Format example: |
| Short Description | String | N/A | No | Specify short description of the incident. |
| Impact | String | 1 | No | Specify the impact of the incident. Possible values:
|
| Urgency | String | 1 | No | Specify the urgency of the incident. Possible values:
|
| Category | String | N/A | No | Specify the category of the incident. |
| Assignment Group ID | String | N/A | No | Specify the full name of the group that was assigned to the incident. |
| Assigned User ID | String | N/A | No | Specify the full name of the user that was assigned to the incident. |
| Description | String | N/A | No | Specify the description of the incident. |
| Incident State | String | N/A | No | Status name or status ID. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| incident_number | N/A | N/A |
JSON result
{
"sys_tags": " ",
"user_input": " ",
"calendar_stc": "2012",
"subcategory": " ",
"watch_list": " ",
"follow_up": " ",
"made_sla": "true",
"sys_created_by": "admin",
"sla_due": " ",
"number": "INC0010041",
"group_list": " ",
"reassignment_count": "0",
"assigned_to": " ",
"sys_mod_count": "10",
"notify": "1",
"resolved_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"upon_reject": "cancel",
"additional_assignee_list": " ",
"category": "inquiry",
"closed_at": "2020-07-10 12:53:06",
"parent_incident": " ",
"cmdb_ci": " ",
"contact_type": " ",
"impact": "1",
"rfc": " ",
"expected_start": " ",
"knowledge": "false",
"sys_updated_by": "admin",
"caused_by": " ",
"comments": " ",
"closed_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"priority": "1",
"state": "7",
"sys_id": "f562fd272f351010f170c886f699b669",
"opened_at": "2020-07-10 12:18:04",
"child_incidents": "0",
"work_notes": " ",
"delivery_task": " ",
"short_description": "sdf",
"comments_and_work_notes": " ",
"time_worked": " ",
"upon_approval": "proceed",
"company": " ",
"business_stc": "0",
"correlation_display": " ",
"sys_class_name": "incident",
"delivery_plan": " ",
"escalation": "0",
"description": " ",
"parent": " ",
"close_notes": "Closed by Caller",
"business_duration": "1970-01-01 00:00:00",
"problem_id": " ",
"sys_updated_on": "2020-07-10 13:13:57",
"approval_history": " ",
"approval_set": " ",
"business_service": " ",
"reopened_by": " ",
"calendar_duration": "1970-01-01 00:35:02",
"caller_id": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"active": "false",
"approval": "not requested",
"service_offering": " ",
"sys_domain_path": "/",
"hold_reason": " ",
"activity_due": "2020-07-10 14:33:28",
"severity": "3",
"incident_state": "7",
"resolved_at": "2020-07-10 12:53:06",
"location": " ",
"due_date": " ",
"work_start": " ",
"work_end": " ",
"work_notes_list": " ",
"sys_created_on": "2020-07-10 12:18:04",
"correlation_id": " ",
"contract": " ",
"reopened_time": " ",
"opened_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"close_code": "Closed/Resolved by Caller",
"assignment_group": " ",
"sys_domain": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user_group/global",
"value": "global"
},
"order": " ",
"urgency": "1",
"reopen_count": "0"
}
Get User Details
Retrieve information about the user using the sys_id parameter in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| User Sys IDs | CSV | N/A | Yes | Specify a comma-separated list of Example: sys_id_1,sys_id_2 |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON result
{
"result": [
{
"calendar_integration": "1",
"country": "",
"last_position_update": "",
"user_password": "example",
"last_login_time": "",
"source": "",
"sys_updated_on": "2020-08-29 02:42:42",
"building": "",
"web_service_access_only": "false",
"notification": "2",
"enable_multifactor_authn": "false",
"sys_updated_by": "user@example",
"sys_created_on": "2012-02-18 03:04:52",
"agent_status": "",
"sys_domain": {
"link": "https://example.service-now.com/api/now/table/sys_user_group/global",
"value": "global"
},
"state": "",
"vip": "false",
"sys_created_by": "admin",
"longitude": "",
"zip": "",
"home_phone": "",
"time_format": "",
"last_login": "",
"default_perspective": "",
"geolocation_tracked": "false",
"active": "true",
"sys_domain_path": "/",
"cost_center": {
"link": "https://example.service-now.com/api/now/table/cmn_cost_center/d9d07bddc0a80a647cf932056ed24652",
"value": "d9d07bddc0a80a647cf932056ed24652"
},
"phone": "",
"name": "Example User",
"employee_number": "",
"password_needs_reset": "false",
"gender": "Male",
"city": "",
"failed_attempts": "",
"user_name": "example.user",
"latitude": "",
"roles": "",
"title": "",
"sys_class_name": "sys_user",
"sys_id": "62826bf03710200044e0bfc8bcbe5df1",
"internal_integration_user": "false",
"ldap_server": "",
"mobile_phone": "",
"street": "",
"company": {
"link": "https://example.service-now.com/api/now/table/core_company/227cdfb03710200044e0bfc8bcbe5d6b",
"value": "227cdfb03710200044e0bfc8bcbe5d6b"
},
"department": {
"link": "https://dev98773.service-now.com/api/now/table/cmn_department/9a7ed3f03710200044e0bfc8bcbe5db7",
"value": "9a7ed3f03710200044e0bfc8bcbe5db7"
},
"first_name": "Example",
"email": "example@example.com",
"introduction": "",
"preferred_language": "",
"manager": "",
"business_criticality": "3",
"locked_out": "false",
"sys_mod_count": "4",
"last_name": "User",
"photo": "",
"avatar": "063e38383730310042106710ce41f13b",
"middle_name": "",
"sys_tags": "",
"time_zone": "",
"schedule": "",
"on_schedule": "",
"date_format": "",
"location": {
"link": "https://example.service-now.com/api/now/table/cmn_location/25b3d04b0a0a0bb300176b546c22db27",
"value": "25b3d04b0a0a0bb300176b546c22db27"
}
}
]
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If not successful for some sys_id (is_success=true): "Action
wasn't able to retrieve information about the users in Service Now with the
following Sys IDs:\n{0}".format(list_of_sys_ids) If not successful for
every sys_id (is_success=false): "Information about the users
with specified Sys IDs was not found in Service Now"
If not successful: "Error executing action "Get User Details". Reason: {0}''.format(error.Stacktrace) |
General |
| CSV | Table Name: User Details Table Column:
|
General |
List Records Related To User
List records from a table related to a user in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify name of the table to search for related records in. Example: incident. |
| Usernames | CSV | N/A | Yes | Specify a comma-separated list of usernames to retrieve the related records for. |
| Max Days Backwards | Integer | 1 | Yes | Specify the number of days backwards to fetch related records. |
| Max Records To Return | Integer | 50 | No | Specify the number of records to return per user. |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON result
{
"result": [
{
"parent": "",
"made_sla": "true",
"caused_by": "",
"watch_list": "",
"upon_reject": "cancel",
"sys_updated_on": "2020-10-19 14:18:40",
"child_incidents": "0",
"hold_reason": "",
"approval_history": "",
"skills": "",
"number": "INC0010008",
"resolved_by": "",
"sys_updated_by": "admin",
"opened_by": {
"link": "https://example.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"user_input": "",
"sys_created_on": "2020-10-19 14:18:40",
"sys_domain": {
"link": "https://example.service-now.com/api/now/table/sys_user_group/global",
"value": "global"
},
"state": "1",
"sys_created_by": "admin",
"knowledge": "false",
"order": "",
"calendar_stc": "",
"closed_at": "",
"cmdb_ci": "",
"delivery_plan": "",
"contract": "",
"impact": "3",
"active": "true",
"work_notes_list": "",
"business_service": "",
"priority": "5",
"sys_domain_path": "/",
"rfc": "",
"time_worked": "",
"expected_start": "",
"opened_at": "2020-10-19 14:18:20",
"business_duration": "",
"group_list": "",
"work_end": "",
"caller_id": {
"link": "https://example.service-now.com/api/now/table/sys_user/62826bf03710200044e0bfc8bcbe5df1",
"value": "62826bf03710200044e0bfc8bcbe5df1"
},
"reopened_time": "",
"resolved_at": "",
"approval_set": "",
"subcategory": "",
"work_notes": "",
"short_description": "TEST",
"close_code": "",
"correlation_display": "",
"delivery_task": "",
"work_start": "",
"assignment_group": "",
"additional_assignee_list": "",
"business_stc": "",
"description": "",
"calendar_duration": "",
"close_notes": "",
"notify": "1",
"service_offering": "",
"sys_class_name": "incident",
"closed_by": "",
"follow_up": "",
"parent_incident": "",
"sys_id": "908616442fc02010c518532a2799b6e5",
"contact_type": "",
"reopened_by": "",
"incident_state": "1",
"urgency": "3",
"problem_id": "",
"company": {
"link": "https://example.service-now.com/api/now/table/core_company/227cdfb03710200044e0bfc8bcbe5d6b",
"value": "227cdfb03710200044e0bfc8bcbe5d6b"
},
"reassignment_count": "0",
"activity_due": "",
"assigned_to": "",
"severity": "3",
"comments": "",
"approval": "not requested",
"sla_due": "",
"comments_and_work_notes": "",
"due_date": "",
"sys_mod_count": "0",
"reopen_count": "0",
"sys_tags": "",
"escalation": "0",
"upon_approval": "proceed",
"correlation_id": "",
"location": "",
"category": "inquiry"
}
]
}
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If not successful for at
least one username (is_success = true): print "Action wasn't able to
retrieve related records from table {0} in ServiceNow for the following users:
{1}".format(Table Name, list of usernames) If not successful
for all usernames (is_success=false): print "No related table records
were retrieved for the provided users."
If a critical error is reported: "Error executing action "List Records Related To User". Reason: {0}''.format(error.Stacktrace) |
General |
| CSV | Table Name: "{0}: Related {1} Records".format (username, capitalised (Table name)) | General |
Ping
Test Connectivity.
Parameters
N/A
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
Update Incident
Update incident information.
This action requires an additional role configured in ServiceNow. To assign the role to the user account used in the integration, complete the following steps:
In ServiceNow, Go to All > User Administration > Users.
Select the user that you use in the integration.
Go to Roles > Edit.
Select the
sn_incident_writerole and click Add.Click Save.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Incident Number | String | N/A | Yes | Specify number of the incident. Format example: |
| Short Description | String | N/A | No | Specify short description of the incident. |
| Impact | String | 1 | No | Specify the impact of the incident. Possible values:
|
| Urgency | String | 1 | No | Specify the urgency of the incident. Possible values:
|
| Category | String | N/A | No | Specify the category of the incident. |
| Assignment Group ID | String | N/A | No | Specify the full name of the group that was assigned to the incident. |
| Assigned User ID | String | N/A | No | Specify the full name of the user that was assigned to the incident. |
| Description | String | N/A | No | Specify the description of the incident. |
| Incident State | String | N/A | No | Status the name or status ID. |
| Custom Fields | CSV | N/A | No | Specify a comma-separated list of fields and values. Format: field_1:value_1,field_2:value_2 |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| incident_number | N/A | N/A |
JSON result
{
"sys_tags": " ",
"user_input": " ",
"calendar_stc": "2012",
"subcategory": " ",
"watch_list": " ",
"follow_up": " ",
"made_sla": "true",
"sys_created_by": "admin",
"sla_due": " ",
"number": "INC0010041",
"group_list": " ",
"reassignment_count": "0",
"assigned_to": " ",
"sys_mod_count": "10",
"notify": "1",
"resolved_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"upon_reject": "cancel",
"additional_assignee_list": " ",
"category": "inquiry",
"closed_at": "2020-07-10 12:53:06",
"parent_incident": " ",
"cmdb_ci": " ",
"contact_type": " ",
"impact": "1",
"rfc": " ",
"expected_start": " ",
"knowledge": "false",
"sys_updated_by": "admin",
"caused_by": " ",
"comments": " ",
"closed_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"priority": "1",
"state": "7",
"sys_id": "f562fd272f351010f170c886f699b669",
"opened_at": "2020-07-10 12:18:04",
"child_incidents": "0",
"work_notes": " ",
"delivery_task": " ",
"short_description": "sdf",
"comments_and_work_notes": " ",
"time_worked": " ",
"upon_approval": "proceed",
"company": " ",
"business_stc": "0",
"correlation_display": " ",
"sys_class_name": "incident",
"delivery_plan": " ",
"escalation": "0",
"description": " ",
"parent": " ",
"close_notes": "Closed by Caller",
"business_duration": "1970-01-01 00:00:00",
"problem_id": " ",
"sys_updated_on": "2020-07-10 13:13:57",
"approval_history": " ",
"approval_set": " ",
"business_service": " ",
"reopened_by": " ",
"calendar_duration": "1970-01-01 00:35:02",
"caller_id": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"active": "false",
"approval": "not requested",
"service_offering": " ",
"sys_domain_path": "/",
"hold_reason": " ",
"activity_due": "2020-07-10 14:33:28",
"severity": "3",
"incident_state": "7",
"resolved_at": "2020-07-10 12:53:06",
"location": " ",
"due_date": " ",
"work_start": " ",
"work_end": " ",
"work_notes_list": " ",
"sys_created_on": "2020-07-10 12:18:04",
"correlation_id": " ",
"contract": " ",
"reopened_time": " ",
"opened_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"close_code": "Closed/Resolved by Caller",
"assignment_group": " ",
"sys_domain": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user_group/global",
"value": "global"
},
"order": " ",
"urgency": "1",
"reopen_count": "0"
}
Update Record
Update available records in different tables of ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | No | Specify table that should be used to update a record. |
| Object JSON Data | String | N/A | No | Specify JSON data that is needed to update a record. |
| Record Sys ID | String | N/A | No | Specify Sys ID of the needed record. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| record_sys_id | N/A | N/A |
JSON result
{
"sys_tags": " ",
"user_input": " ",
"calendar_stc": " ",
"subcategory": " ",
"watch_list": " ",
"follow_up": " ",
"made_sla": "true",
"sys_created_by": "admin",
"sla_due": " ",
"number": "INC0010021",
"group_list": " ",
"reassignment_count": "0",
"assigned_to": " ",
"sys_mod_count": "0",
"notify": "1",
"resolved_by": " ",
"upon_reject": "cancel",
"additional_assignee_list": " ",
"category": "inquiry",
"closed_at": " ",
"parent_incident": " ",
"cmdb_ci": " ",
"contact_type": " ",
"impact": "3",
"rfc": " ",
"expected_start": " ",
"knowledge": "false",
"sys_updated_by": "admin",
"caused_by": " ",
"comments": " ",
"closed_by": " ",
"priority": "5",
"state": "1",
"sys_id": "19fcb4672fb11010f170c886f699b612",
"opened_at": "2020-07-10 08:24:34",
"child_incidents": "0",
"work_notes": " ",
"delivery_task": " ",
"short_description": " ",
"comments_and_work_notes": " ",
"time_worked": " ",
"upon_approval": "proceed",
"company": " ",
"business_stc": " ",
"correlation_display": " ",
"sys_class_name": "incident",
"delivery_plan": " ",
"escalation": "0",
"description": " ",
"parent": " ",
"close_notes": " ",
"business_duration": " ",
"problem_id": " ",
"sys_updated_on": "2020-07-10 08:24:34",
"approval_history": " ",
"approval_set": " ",
"business_service": " ",
"reopened_by": " ",
"calendar_duration": " ",
"caller_id": " ",
"active": "true",
"approval": "not requested",
"service_offering": " ",
"sys_domain_path": "/",
"hold_reason": " ",
"activity_due": " ",
"severity": "3",
"incident_state": "1",
"resolved_at": " ",
"location": " ",
"due_date": " ",
"work_start": " ",
"work_end": " ",
"work_notes_list": " ",
"sys_created_on": "2020-07-10 08:24:34",
"correlation_id": " ",
"contract": " ",
"reopened_time": " ",
"opened_by": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user/6816f79cc0a8016401c5a33be04be441",
"value": "6816f79cc0a8016401c5a33be04be441"
},
"close_code": " ",
"assignment_group": " ",
"sys_domain": {
"link": "https://example.service-now.com/api/now/v1/table/sys_user_group/global",
"value": "global"
},
"order": " ",
"urgency": "3",
"reopen_count": "0"
}
Wait for Field Update
Wait for Field Update.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify table that should be used to create a record. |
| Record Sys ID | String | N/A | Yes | Specify Sys ID of the needed record. |
| Field- Column Name | String | N/A | Yes | Specify the name of the column that is expected to be updated. |
| Field- Values | String | N/A | Yes | Specify the values that are expected in the column. Example: In Progress, Resolved |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| updated_field | N/A | N/A |
Wait for Status Update
Wait For Status Update.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Incident Number | String | N/A | Yes | Specify the number of the incident. Format example: |
| Statuses | String | N/A | Yes | Specify what statuses of the incident are expected. Example: In Progress, Resolved |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| new_status | N/A | N/A |
List CMDB Records
List CMDB records from the same class in ServiceNow.
For more information on class names, see View and edit class definition and metadata in the ServiceNow product documentation.
How to work with the query filter (sysparm_query)
To get the correct filter, complete the following steps:
Navigate to the CMDB Query Builder using the following URL:
(https://SERVICENOW_INSTANCE/$queryBuilder.doabout:blank)In the Search CMDB Classes field, enter the class name.
Drag the required class onto the builder canvas.
In the browser Developer Tools, go to the Network tab.
Hold the pointer over the class that you dragged onto canvas to check the filter icon.
Create a filter of your choice.
In the Network tab, search for requests that contain the
mapattribute.For example, the request URL is as follows:
https://dev98773.service-now.com/api/now/ui/query_parse/cmdb_ci_appl/map?sysparm_query=sys_idLIKE1%5Esys_idSTARTSWITH0%5EORsys_idSTARTSWITH2From the URL, copy the value that appears after the
sysparm_query=attribute. This value is a filter that you've created, presented as a query. The query value is as follows:sys_idLIKE1%5Esys_idSTARTSWITH0%5EORsys_idSTARTSWITH2.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Class Name | String | N/A | Yes | Specify name of the class to list records from. Example: cmdb_ci_appl. |
| Query Filter | String | N/A | No | Specify query filter for the results. Example of the filter: sys_idLIKE1^sys_idSTARTSWITH0 |
| Max Records To Return | Integer | 50 | No | Specify the number of records to return. |
Run on
The action doesn't run on entities, nor has mandatory input parameters.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON result
{
"result": [
{
"sys_id": "0d62dfeb1394130068227f176144b0ba",
"name": "Example server"
}
]
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If successful: "Successfully listed CMDB records for the Class '{0}' in Service Now.".format(Class name)
If the class is not found: "Action wasn't able to list CMDB records for the Class '{0}' in Service Now. Reason: Class '{0}' was not found in Service Now.".format(Class name) If not successful:
"Action wasn't able to list CMDB records for the Class '{0}' in Service Now.".
format(Class name) The action should fail and stop a
playbook execution: If not successful: "Error executing action "List CMDB Records". Reason: {0}''.format(error.Stacktrace) |
General |
| Case Wall Table | Table Name: "{0} records".format(Class Name) Table Column:
|
Get CMDB Record Details
Get detailed CMDB records from the same class in ServiceNow.
For more information on class names, see View and edit class definition and metadata in the ServiceNow product documentation.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Class Name | String | N/A | Yes | Specify name of the class to list records from. Example: cmdb_ci_appl. |
| Sys ID | String | N/A | Yes | Specify a comma-separated list of record sys IDs to retrieve details for. |
| Max Relations To Return | Integer | 50 | No | Specify the number of record relations per type to return. |
Run on
This action runs on all entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON Result
{
"result": {
"outbound_relations": [
{
"sys_id": "56f3a7ad7f701200bee45f19befa910f",
"type": {
"display_value": "Members::Member of",
"link": "https://example.service-now.com/api/now/table/cmdb_rel_type/55c913d3c0a8010e012d1563182d6050",
"value": "55c913d3c0a8010e012d1563182d6050"
},
"target": {
"display_value": "Example",
"link": "https://example.service-now.com/api/now/cmdb/instance/cmdb_ci/95bdb0e17f701200bee45f19befa9127",
"value": "95bdb0e17f701200bee45f19befa9127"
}
}
],
"attributes": {
"attested_date": "",
"skip_sync": "false",
"operational_status": "1",
"caption": "",
"cluster_type": "",
"sys_updated_on": "2016-01-06 19:04:07",
"attestation_score": "",
"discovery_source": "",
"first_discovered": "",
"sys_updated_by": "example.user",
"cluster_status": "",
"due_in": "",
"sys_created_on": "2016-01-06 16:47:15",
"sys_domain": {
"display_value": "global",
"link": "https://example.service-now.com/api/now/table/sys_user_group/global",
"value": "global"
},
"install_date": "",
"invoice_number": "",
"gl_account": "",
"sys_created_by": "example.user",
"warranty_expiration": "",
"cluster_version": "",
"asset_tag": "",
"fqdn": "",
"change_control": "",
"owned_by": "",
"checked_out": "",
"sys_domain_path": "/",
"delivery_date": "",
"maintenance_schedule": "",
"install_status": "1",
"cost_center": "",
"attested_by": "",
"supported_by": "",
"dns_domain": "",
"name": "SAP-LB-Win-Cluster",
"assigned": "",
"purchase_date": "",
"subcategory": "Cluster",
"short_description": "",
"assignment_group": "",
"managed_by": "",
"managed_by_group": "",
"last_discovered": "",
"can_print": "false",
"sys_class_name": "cmdb_ci_win_cluster",
"manufacturer": "",
"sys_id": "103d30e17f701200bee45f19befa91db",
"cluster_id": "",
"po_number": "",
"checked_in": "",
"sys_class_path": "/!!/!5/!$",
"vendor": "",
"mac_address": "",
"company": "",
"model_number": "",
"justification": "",
"department": "",
"assigned_to": "",
"start_date": "",
"cost": "",
"comments": "",
"sys_mod_count": "1",
"serial_number": "",
"monitor": "false",
"model_id": "",
"ip_address": "",
"duplicate_of": "",
"sys_tags": "",
"cost_cc": "USD",
"support_group": "",
"order_date": "",
"schedule": "",
"environment": "",
"due": "",
"attested": "false",
"unverified": "false",
"correlation_id": "",
"attributes": "",
"location": "",
"asset": "",
"category": "Resource",
"fault_count": "0",
"lease_id": ""
},
"inbound_relations": [
{
"sys_id": "3b3d95297f701200bee45f19befa910c",
"type": {
"display_value": "Depends on::Used by",
"link": "https://example.service-now.com/api/now/table/cmdb_rel_type/1a9cb166f1571100a92eb60da2bce5c5",
"value": "1a9cb166f1571100a92eb60da2bce5c5"
},
"target": {
"display_value": "IP-Router-3",
"link": "https://example.service-now.com/api/now/cmdb/instance/cmdb_ci/161441257f701200bee45f19befa91c2",
"value": "161441257f701200bee45f19befa91c2"
}
}
]
}
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If not successful for some Sys IDs (is_success=true): "Action wasn't able to return details for CMDB records in the Class '{0}' from Service Now for the following Sys IDs: \n{1}.".format(Class name, list of sys ids)
If the class is not found (is_success=false): "Action wasn't able to return details for CMDB records in the Class '{0}' in Service Now. Reason: Class '{0}' was not found.".format(Class name) If Sys ID in the class is not found (is_success=false): "Action wasn't able to return details for CMDB record with Sys ID '{1}' in the Class '{0}' in Service Now. Reason: Record with Sys ID '{1}' was not found in Class '{0]'.".format (Class name, sys_id) If not successful for all Sys IDs
(is_success=false): "Information about the provided Sys ids was not found."
The action should fail and stop a playbook execution:
|
General |
| Case Wall Table | Table Name: Relations Table Columns:
|
General |
Get Oauth Token
Get an OAuth refresh token for ServiceNow. This action requires you to provide the Username, Password, Client ID, and Client Secret parameters in the integration configuration tab.
Parameters
N/A
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON result
{
"access_token": "Na4Kb1oWpFcYNUnyAjsYldiTMxYF1Cz79Q",
"refresh_token": "0ryCENbbvfggZbNG9rFFd8_C8X0UgAQSMQkPJNStGwEEt0qNt-F1lw",
"scope": "useraccount",
"token_type": "Bearer",
"expires_in": 1799
}
Case wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Get Oauth Token". Reason: {0}''.format(error.Stacktrace) If the 401
status code is reported (issuccess=false): "Error executing action "Get
Oauth Token". Reason: Invalid credentials were provided' If one of the "Client ID/Secret/Username/Password" parameters are not provided: "Error executing action "Get Oauth Token". Reason: "Client ID", "Client Secret", "Username" and "Password" should be provided." |
General |
Add Comment To Record
Add a comment to a specific table record in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify the name of the table to add a comment or work note to. Example: incident. |
| Type | DDL | Comment Possible Values:
|
Yes | Specify whether comment or work note should be added to the record. |
| Record Sys ID | String | N/A | Yes | Specify the record ID to add a comment or work note to. |
| Text | String | N/A | Yes | Specify the content of the comment or work note. |
| Wait For Reply | Checkbox | Yes | If enabled, action will wait for reply. Note: action will track comments, if comments are sent and work notes, if work notes are sent. |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON result
{
"sys_id": "4355183607523010ff23f6fd7c1ed0a8",
"sys_created_on": "2021-09-03 10:29:48",
"name": "incident",
"element_id": "552c48888c033300964f4932b03eb092",
"sys_tags": "",
"value": "test",
"sys_created_by": "admin",
"element": "comments"
}
Case wall
| Result type | Value/Description | Type (Entity \ General) |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution:
If a critical error is reported: "Error executing action "Add Comment To Record". Reason: {0}''.format(error.Stacktrace) If the 404 or 400 status code is reported: "Error executing action "Add Comment To Record". Reason: {0}''.format(error/detail) |
General |
Wait For Comments
Wait for comments related to a specific table record in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify the name of the table to wait for a comment or work note in. Example: incident |
| Record Sys ID | String | N/A | Yes | Specify the record ID to wait for a comment or work note in. |
| Type | DDL | Comment Possible Values:
|
Yes | Specify the type of object that the action needs to wait for. |
| Wait Mode | DDL | Until Timeout Possible values:
|
No | Specify the wait mode for the action. If "Until Timeout" is selected, the action waits and returns all of the comments in that timeout timeframe. If "Until First Message" is selected, the action waits until a new message appears after action execution. If "Until Specific Text" is selected, the action waits until there is a message that is equal to the string provided in the "Text" parameter. Note: The "Text" parameter is mandatory, if "Until Specific Text" is selected. |
| Text | String | N/A | No | Specify the text for which the action needs to wait for. Note: This parameter is only relevant, if "Until Specific Text" is selected for the "Wait Mode" parameter. |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON result
{
"sys_id": "4355183607523010ff23f6fd7c1ed0a8",
"sys_created_on": "2021-09-03 10:29:48",
"name": "incident",
"element_id": "552c48888c033300964f4932b03eb092",
"sys_tags": "",
"value": "test",
"sys_created_by": "admin",
"element": "comments"
}
Case wall
| Result type | Value/Description | Type (Entity \ General) |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If no new comments are found and "Until Timeout" is selected (is_success=true): "No new {comments/work notes} were added during the timeframe of action execution to {table name} with Sys ID {1} in ServiceNow." Async Message: "Waiting for messages..." The action should fail and stop a playbook execution: If a critical error is reported: "Error executing action "Wait For Comments". Reason: {0}''.format(error.Stacktrace) If the status code 404 or 400 is reported: "Error executing action "Wait For Comments". Reason: {0}''.format(error/detail) If run into a timeout, and "Until Specific Text" and "Until First Message" are selected: "Error executing action "Wait For Comments". Reason: action ran into a timeout during execution. Please increase the timeout in IDE. |
General |
List Record Comments
List comments related to a specific table record in ServiceNow.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Table Name | String | N/A | Yes | Specify the name of the table to list comments or work notes for. Example: incident |
| Record Sys ID | String | N/A | Yes | Specify the record ID to list comments or work notes for. |
| Type | DDL | Comment Possible Values:
|
Yes | Specify whether comment or work note should be listed. |
| Max Results To Return | Integer | 50 | No | Specify the number of results to return. |
Run on
This action doesn't run on entities.
Action results
Script result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON result
{
"sys_id": "4355183607523010ff23f6fd7c1ed0a8",
"sys_created_on": "2021-09-03 10:29:48",
"name": "incident",
"element_id": "552c48888c033300964f4932b03eb092",
"sys_tags": "",
"value": "test",
"sys_created_by": "admin",
"element": "comments"
}
Case wall
| Result type | Value/Description | Type (Entity \ General) |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
If no comments are found (is_success=true): "No {comments/work notes}
were found for {table name} with Sys ID {1} in ServiceNow." The action should fail and stop a playbook execution: If a critical error is reported: "Error executing action "Wait For Comments". Reason: {0}''.format(error.Stacktrace) If the status code 404 or 400 is reported: "Error executing action "Wait For Comments". Reason: {0}''.format(error/detail) |
General |
Connectors
For detailed instructions on how to configure a connector in Google Security Operations SOAR, see Configuring the connector.
ServiceNow Connector
Fetching incidents from ServiceNow to Google Security Operations SOAR.
How to work with the dynamic list
In this connector, the dynamic list lets you modify the sysparm_query
query that is sent to ServiceNow. You can filter every field supported by
that record type.
To filter out the data, make sure that every dynamic list item contains one field in the following format:
FIELD_NAME=VALUE.
The example of the field is as follows: category=security.
When the Use whitelist as a blacklist parameter is enabled, the connector
modifies the query to work as blocklist instead.
Connector parameters
Use the following parameters to configure the connector:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Environment | DDL | N/A | Yes | Select the required environment. Example: "Customer One" In case that the alert's Environment field is empty, this alert is injected to this environment. |
| Run Every | Integer | 0:0:0:10 | No | Select the time to run the connection. |
| Product Field Name | String | device_product | Yes | The field name used to determine the device product. Example: "device_product" |
| Event Field Name | String | event_name | Yes | The field name used to determine the event name (sub-type). Example, "event_name" |
| Script Timeout (Seconds) | Integer | 60 | Yes | The timeout limit (in seconds) for the python process running the current script. |
| Rule Generator | String | N/A | No | The field name used to determine the rule generator. |
| API Root | String | https://{dev-instance}.service-now.com/api/now/v1/ | Yes | Address of the ServiceNow instance. |
| Username | String | N/A | Yes | Populated with the name you entered in the previous screen. |
| Password | Password | N/A | Yes | Populated with the password you entered in the previous screen. |
| Incident Table | String | incident | No | This parameter is defining what API root ServiceNow integration is going to use for actions that revolve around incidents. By default, the integration uses the "table/incident" path. |
| Days Backward | Integer | 5 | No | Number of days to fetch incidents from. Example: 3 |
| Max Incidents per Cycle | Integer | 10 | No | Maximum number of incidents to fetch. Example: 10 |
| Server Time Zone | String | UTC | No | The timezone configured in the server—for example, UTC, Asia/Jerusalem. |
| Environment Whitelists | String | N/A | No | The environments (domains) to ingest into Google Security Operations SOAR as a comma-separated list (env1,env2). |
| Table Name | String | N/A | No | The table to fetch from. Example: incident |
| Event Name | String | N/A | No | The name of the event in Google Security Operations SOAR. Example: ServiceNowEvent. |
| Proxy Server Address | String | N/A | No | The address of the proxy server to use. |
| Proxy Username | String | N/A | No | The proxy username to authenticate with. |
| Proxy Password | Password | N/A | No | The proxy password to authenticate with. |
| Client ID | String | N/A | No | Client ID of ServiceNow application. Required for OAuth 2.0 authentication. |
| Client Secret | Password | N/A | No | Client Secret of ServiceNow application. Required for OAuth 2.0 authentication. |
| Refresh Token | Password | N/A | No | Refresh token for ServiceNow application. Required for OAuth 2.0 authentication. |
| Use Oauth Authentication | Checkbox | Unchecked | No | If enabled, the integration uses OAuth 2.0 authentication. The "Client ID", "Client Secret" and "Refresh Token" parameters are mandatory. |
Connector rules
The connector supports proxies.
The connector supports dynamic list and blocklist.
Jobs
Sync Table Record Comments
Synchronize comments in ServiceNow table records and Google Security Operations cases.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://{dev-instance}.service-now.com/api/now/v1/ | Yes | API root of the ServiceNow instance. |
| Username | String | N/A | Yes | Username of the ServiceNow account. |
| Password | Password | N/A | Yes | Password of the ServiceNow account. |
| Table Name | String | N/A | Yes | Name of the table to search for the record in. Example: incident |
| Verify SSL | Checkbox | Checked | Yes | If enabled, the integration verifies that the SSL certificate for the connection to the ServiceNow server is valid. |
| Client ID | String | N/A | No | Client ID of ServiceNow application. Required for OAuth 2.0 authentication. |
| Client Secret | Password | N/A | No | Client Secret of ServiceNow application Required for OAuth 2.0 authentication. |
| Refresh Token | Password | N/A | No | Refresh token for ServiceNow application. Required for OAuth 2.0 authentication. |
| Use Oauth Authentication | Checkbox | Unchecked | No | If enabled, the integration uses OAuth 2.0 authentication. The "Client ID", "Client Secret", and "Refresh Token" parameters are mandatory. |
Sync Closed Incidents
Synchronize closed ServiceNow incidents and Google Security Operations alerts.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://{dev-instance}.service-now.com/api/now/v1/ | Yes | API root of the ServiceNow instance. |
| Username | String | N/A | Yes | Username of the ServiceNow account. |
| Password | Password | N/A | Yes | Password of the ServiceNow account. |
| Table Name | String | N/A | Yes | Name of the table to search for the incident in. Example: incident |
| Max Hours Backwards | Integer | 24 | No | Specify the number of hours backwards to synchronize statuses. |
| Verify SSL | Checkbox | Checked | Yes | If enabled, the integration verifies that the SSL certificate for the connection to the ServiceNow server is valid. |
| Client ID | String | N/A | No | Client ID of ServiceNow application. Required for OAuth 2.0 authentication. |
| Client Secret | Password | N/A | No | Client Secret of ServiceNow application. Required for OAuth 2.0 authentication. |
| Refresh Token | Password | N/A | No | Refresh token for ServiceNow application. Required for OAuth 2.0 authentication. |
| Use Oauth Authentication | Checkbox | Unchecked | No | If enabled, the integration uses OAuth 2.0 authentication. The "Client ID", "Client Secret" and "Refresh Token" parameters are mandatory. |
Sync Table Record Comments By Tag
Synchronize comments in the ServiceNow table records and Google Security Operations cases
For this job to work, the case must possess two tags:
ServiceNow TABLE_NAMEServiceNow SysID: SYS_ID
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| API Root | String | https://{dev-instance}.service-now.com/api/now/ | Yes | API root of the ServiceNow instance. |
| Username | String | N/A | Yes | Username of the ServiceNow account. |
| Password | Password | N/A | Yes | Password of the ServiceNow account. |
| Table Name | String | N/A | Yes | Name of the table to search for the record in. Example: incident |
| Verify SSL | Checkbox | Checked | Yes | If enabled, the integration verifies that the SSL certificate for the connection to the ServiceNow server is valid. |
Sync Incidents
Synchronize the ServiceNow incident fields and attachments that are related to
cases and alerts in Google Security Operations. For the job to work, add the
ServiceNow Incident Sync tag to the case and the TICKET_ID value to
either a case or an alert depending on the Sync Level parameter.
An example of the TICKET_ID value is as follows: INC0000050,INC0000051.
Parameters
To configure the job, use the following parameters:
| Parameters | |
|---|---|
API Root |
Required API root of the ServiceNow instance. Default value is
|
Username |
Required Username of the ServiceNow account. |
Password |
Required Password of the ServiceNow account. |
Sync Level |
Required Synchronization level for the job. Possible values:
Default value is |
Max Hours Backwards |
Required Number of hours before now to synchronize the cases from. Default value is 24 hours. |
Verify SSL |
Required If selected, the job verifies that the SSL certificate for connecting to the ServiceNow server is valid. Selected by default. |