Configuring ServiceNow Integration

Overview Direct link to this section

This guide outlines how to configure ServiceNow to sync incident tickets with Arctic Wolf®.

Requirements Direct link to this section

• The following ServiceNow accounts:
  • An account with the first name AWN, last name Integration, and User ID AWN.Integration that is used for a business rule filter.
  • A service account

    Note: The service account and the AWN.Integration account can either be the same account, or separate accounts. Both accounts can have Web service access only selected in their user settings.

• The following information provided by Arctic Wolf:
  • ServiceNow update sets
  • A webhook URL and security token
• Download the awn-servicenow-update-set file to use in Import ServiceNow update sets.

Configure the ServiceNow integration Direct link to this section

1. Provide ServiceNow credentials to Arctic Wolf
2. Import ServiceNow update sets
3. Assign integration account role
4. Provide integration information to Arctic Wolf
5. Update ServiceNow system properties

Step 1: Provide ServiceNow credentials to Arctic Wolf Direct link to this section

1. Sign in to the Arctic Wolf Portal.

2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

   

3. Select +Add Account to open the Add Account form.

4. Select ITSM Ticketing Integration as the Account Type.

5. Fill in the form:

   1. Enter a descriptive name for the credentials.
   2. Enter the URL of the production ServiceNow tenant.

   Note: The URL must include https://, like https://<instance_name>.service-now.com.

   3. Enter the User ID and password for the service account that will be used for the Arctic Wolf integration.

   Note: If one account is being used for both the service account and for business rule filtering, then the User ID must be AWN.Integration. See Requirements for more information.

6. Select Submit to CST.

7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After Arctic Wolf configures the integration for your account, the status of your credentials changes to Connected.

Step 2: Import ServiceNow update sets Direct link to this section

1. Sign in to your ServiceNow instance using administrator credentials.
2. In the Filter navigator, enter Retrieved Update Sets.
3. From the results, select Retrieved Update Sets under System Update Sets.
4. Complete these steps for each update set received from Arctic Wolf:
   1. On the Retrieved Update Sets page, under Related Links, click Import Update Set from XML.
   2. On the Import XML window, click Browse.
   3. Select the Arctic Wolf update set that you downloaded in Requirements to install.
   4. Click Upload.
   5. On the Retrieved Update Sets page, select the name of the Arctic Wolf update set.
   6. Click Preview Update Set to preview the changes contained in the update set.
   7. If there are conflicts between sys_properties in the update set and your ServiceNow instance, select Skip Remote Update to maintain your existing sys_properties configuration.
   8. For any remaining conflicts, select Accept Remote Update to accept the new changes.
   9. Click Close.
   10. Click Commit Update Set.
   11. Once the commit reaches Succeeded 100%, click Close.

Step 3: Assign integration account role Direct link to this section

1. In the Filter navigator, enter User Administration.
2. From the results, select Users under User Administration.
3. Select the service account that was submitted in Provide ServiceNow credentials to Arctic Wolf.
4. Select the Roles tab.
5. Click Edit.
6. Select AWN Integration Role under Collection.
7. Click > Add to add the role from Collection to the Roles List.
8. Click Save.

Step 4: Provide integration information to Arctic Wolf Direct link to this section

1. Send the following integration information to your Arctic Wolf team through the Arctic Wolf Unified Portal:

• Assignment group sys id
• Assignment group name
• Priority Mappings — From your Priority Lookup Rule, the numerical value for the impact and urgency that correspond to Low, Moderate, High, and Critical priority.
  • low_priority_impact
  • low_priority_urgency
  • moderate_priority_impact
  • moderate_priority_urgency
  • high_priority_impact
  • high_priority_urgency
  • urgent_priority_impact
  • urgent_priority_urgency
• Closure State — Resolved, Closed, or Custom
• Re-opening State — New, In Progress, or Custom
• Company sys id
• Company name

2. Proceed to Update ServiceNow system properties after you hear back from Arctic Wolf. You will be provided with the webhook URL and security token.

Step 5: Update ServiceNow system properties Direct link to this section

1. In the Filter navigator, search for sys_properties.list and press Enter.
2. From the System Properties page, select ArcticWolf_ENDPOINT_WEBHOOK_URL.
3. Under Value, replace TO_DO_GET_FROM_ARCTIC_WOLF with the webhook URL provided by Arctic Wolf.
4. Select Ignore cache if it is not already selected.
5. Click Update.
6. Repeat this process to update the ArcticWolf_ENDPOINT_WEBHOOK_TOKEN system property with the security token provided by Arctic Wolf.

Next steps Direct link to this section

• Verifying ServiceNow Permissions.

Create a ServiceNow ticket for Arctic Wolf Direct link to this section

After you have configured the ServiceNow integration, you can create a ticket for any incident.

1. In your ServiceNow instance, create a new incident.
2. Under Caller, enter AWN Integration.
3. Under Company, enter the organization that this incident relates to.
4. Fill out the remaining fields as appropriate.

   Tip: See Create an incident in the external ServiceNow documentation for more information about each field.

5. If you included attachments, ensure that the total attachment size is less than 50 MB.
6. Click Submit to send the incident to Arctic Wolf.