ServiceNow Configuration
Updated Nov 29, 2023Configure ServiceNow to integrate with Arctic Wolf
You can configure ServiceNow® to synchronize incident tickets with Arctic Wolf®.
Requirements
- These ServiceNow accounts:
- An account with the first name AWN, last name Integration, and User ID AWN.Integration that is used for a business rule filter.
- A service account
Note: The service account and the AWN.Integration account can either be the same account or separate accounts. Both accounts can have Web service access only selected in their user settings.
- This information provided by Arctic Wolf:
- ServiceNow update sets
- A webhook URL and security token
Before you begin
- Download the awn-servicenow-update-set file to use in Import ServiceNow update sets.
- Contact your Concierge Security® Team (CST) at security@arcticwolf.com to determine if ServiceNow Data Policy settings that are applied to the Incident table will impact integration.
Steps
- Provide your credentials to Arctic Wolf.
- Import ServiceNow update sets.
- Assign integration account role.
- Provide integration information to Arctic Wolf.
- Update ServiceNow system properties.
Step 1: Provide your credentials to Arctic Wolf
-
Sign in to the Arctic Wolf Unified Portal.
-
In the menu bar, click Telemetry Management > Connected Accounts.
-
Click Add Account +.
-
On the Add Account page, in the Account Type list, select ITSM Ticketing Integration.
-
In the Cloud Service list, select ITSM ServiceNow Account.
-
On the Add Account page, in the Select a Cloud service section, configure these settings:
- Account Type — Select ITSM Ticketing Integration.
- Search Services — Select ITMS ServiceNow Account.
-
On the Add Account page, in the Add account information section, configure these settings:
- Account Name — Enter a unique and descriptive name for the account.
- ServiceNow URL — Enter the URL of the production ServiceNow tenant.
Note: The URL must include
https://
. For example,https://<instance_name>.service-now.com
. - ServiceNow Username — Enter the User ID for the service account that will be used for the Arctic Wolf integration.
Note: If one account is being used for both the service account and for business rule filtering, then the User ID must be AWN.Integration. See Requirements for more information.
- ServiceNow Password — Enter a password for the service account.
- Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
-
Click Test and submit credentials.
After Arctic Wolf configures the integration for your account, the status of your credentials changes to Healthy.
Step 2: Import ServiceNow update sets
Note: An AWN.Integration account must be created before completing this procedure. See Requirements for more information.
- Sign in to your ServiceNow instance using administrator permissions.
- In the Filter navigator search bar, enter
Retrieved Update Sets
. - In the search results, in the System Update Sets section, select Retrieved Update Sets.
- For each update set received from Arctic Wolf, complete these steps:
- On the Retrieved Update Sets page, in the Related Links section, click Import Update Set from XML.
- On the Import XML page, click Browse.
- Select the Arctic Wolf update set that you downloaded in Before you begin.
- Click Upload.
- On the Retrieved Update Sets page, select the name of the Arctic Wolf update set.
- Click Preview Update Set.
- If there are conflicts between
sys_properties
in the update set and your ServiceNow instance, click Skip Remote Update to maintain your existingsys_properties
configuration. - For any remaining conflicts, select Accept Remote Update to accept the new changes.
- Click Close.
- Click Commit Update Set.
- Click Close, when you are prompted by the "Succeeded 100%" message.
Step 3: Assign integration account role
- In the Filter navigator search bar, enter
User Administration
. - In the search results, in the User Administration section, select Users.
- Select the service account that was submitted in Provide ServiceNow credentials to Arctic Wolf.
- Click the Roles tab.
- Click Edit.
- In the Collection section, select AWN Integration Role.
- Click > Add to add the role from Collection to the Roles List.
- Click Save.
Step 4: Provide integration information to Arctic Wolf
Note: You must provide the information from this procedure to Arctic Wolf before you can proceed to Update ServiceNow system properties.
-
Send this integration information to your CST at security@arcticwolf.com:
- Assignment group sys ID
- Assignment group name
- Priority Mappings — From your Priority Lookup Rule, the numerical value for the impact and urgency that correspond to Low, Moderate, High, and Critical priority.
- low_priority_impact
- low_priority_urgency
- moderate_priority_impact
- moderate_priority_urgency
- high_priority_impact
- high_priority_urgency
- urgent_priority_impact
- urgent_priority_urgency
- Closure State — Resolved, Closed, or Custom
- Re-opening State — New, In Progress, or Custom
- Company sys ID
- Company name
After providing this information to your CST, they will provide the webhook URL and security token that you need to complete the ServiceNow integration process.
Step 5: Update ServiceNow system properties
- In the Filter navigator bar, enter
sys_properties.list
. - On the System Properties page, click ArcticWolf_ENDPOINT_WEBHOOK_URL.
- In the Value field, replace
TO_DO_GET_FROM_ARCTIC_WOLF
with the webhook URL provided by Arctic Wolf. - Select Ignore cache, if it is not already selected.
- Click Update.
- Repeat this process to update the
ArcticWolf_ENDPOINT_WEBHOOK_TOKEN
system property with the security token provided by Arctic Wolf.
Next steps
- Complete Verifying ServiceNow Permissions.
Create a ServiceNow ticket for Arctic Wolf
After you have configured the ServiceNow integration, you can create a ticket for any incident.
Note: The email address of the person creating the ticket in ServiceNow must be listed as a contact of your organization with Arctic Wolf.
-
Sign in to your ServiceNow instance.
-
Click All > Incident > Create New, and then configure these settings:
- Caller — Enter AWN Integration.
- Company — Enter the organization that this incident relates to.
- Configure the remaining fields as appropriate. See Create an incident for more information.
-
If you included attachments, make sure that the total attachment size is less than 50 MB.
-
Click Submit.