ServiceNow Configuration

Updated Nov 29, 2023

Configure ServiceNow to integrate with Arctic Wolf

You can configure ServiceNow® to synchronize incident tickets with Arctic Wolf®.

Requirements

Before you begin

Steps

  1. Provide your credentials to Arctic Wolf.
  2. Import ServiceNow update sets.
  3. Assign integration account role.
  4. Provide integration information to Arctic Wolf.
  5. Update ServiceNow system properties.

Step 1: Provide your credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select ITSM Ticketing Integration.

  5. In the Cloud Service list, select ITSM ServiceNow Account.

  6. On the Add Account page, in the Select a Cloud service section, configure these settings:

    • Account Type — Select ITSM Ticketing Integration.
    • Search Services — Select ITMS ServiceNow Account.
  7. On the Add Account page, in the Add account information section, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.
    • ServiceNow URL — Enter the URL of the production ServiceNow tenant.

      Note: The URL must include https://. For example, https://<instance_name>.service-now.com.

    • ServiceNow Username — Enter the User ID for the service account that will be used for the Arctic Wolf integration.

      Note: If one account is being used for both the service account and for business rule filtering, then the User ID must be AWN.Integration. See Requirements for more information.

    • ServiceNow Password — Enter a password for the service account.
    • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
  8. Click Test and submit credentials.

    After Arctic Wolf configures the integration for your account, the status of your credentials changes to Healthy.

Step 2: Import ServiceNow update sets

Note: An AWN.Integration account must be created before completing this procedure. See Requirements for more information.

  1. Sign in to your ServiceNow instance using administrator permissions.
  2. In the Filter navigator search bar, enter Retrieved Update Sets.
  3. In the search results, in the System Update Sets section, select Retrieved Update Sets.
  4. For each update set received from Arctic Wolf, complete these steps:
    1. On the Retrieved Update Sets page, in the Related Links section, click Import Update Set from XML.
    2. On the Import XML page, click Browse.
    3. Select the Arctic Wolf update set that you downloaded in Before you begin.
    4. Click Upload.
    5. On the Retrieved Update Sets page, select the name of the Arctic Wolf update set.
    6. Click Preview Update Set.
    7. If there are conflicts between sys_properties in the update set and your ServiceNow instance, click Skip Remote Update to maintain your existing sys_properties configuration.
    8. For any remaining conflicts, select Accept Remote Update to accept the new changes.
    9. Click Close.
    10. Click Commit Update Set.
    11. Click Close, when you are prompted by the "Succeeded 100%" message.

Step 3: Assign integration account role

  1. In the Filter navigator search bar, enter User Administration.
  2. In the search results, in the User Administration section, select Users.
  3. Select the service account that was submitted in Provide ServiceNow credentials to Arctic Wolf.
  4. Click the Roles tab.
  5. Click Edit.
  6. In the Collection section, select AWN Integration Role.
  7. Click > Add to add the role from Collection to the Roles List.
  8. Click Save.

Step 4: Provide integration information to Arctic Wolf

Note: You must provide the information from this procedure to Arctic Wolf before you can proceed to Update ServiceNow system properties.

  1. Send this integration information to your CST at security@arcticwolf.com:

    • Assignment group sys ID
    • Assignment group name
    • Priority Mappings — From your Priority Lookup Rule, the numerical value for the impact and urgency that correspond to Low, Moderate, High, and Critical priority.
      • low_priority_impact
      • low_priority_urgency
      • moderate_priority_impact
      • moderate_priority_urgency
      • high_priority_impact
      • high_priority_urgency
      • urgent_priority_impact
      • urgent_priority_urgency
    • Closure State — Resolved, Closed, or Custom
    • Re-opening State — New, In Progress, or Custom
    • Company sys ID
    • Company name

    After providing this information to your CST, they will provide the webhook URL and security token that you need to complete the ServiceNow integration process.

Step 5: Update ServiceNow system properties

  1. In the Filter navigator bar, enter sys_properties.list.
  2. On the System Properties page, click ArcticWolf_ENDPOINT_WEBHOOK_URL.
  3. In the Value field, replace TO_DO_GET_FROM_ARCTIC_WOLF with the webhook URL provided by Arctic Wolf.
  4. Select Ignore cache, if it is not already selected.
  5. Click Update.
  6. Repeat this process to update the ArcticWolf_ENDPOINT_WEBHOOK_TOKEN system property with the security token provided by Arctic Wolf.

Next steps

Create a ServiceNow ticket for Arctic Wolf

After you have configured the ServiceNow integration, you can create a ticket for any incident.

Note: The email address of the person creating the ticket in ServiceNow must be listed as a contact of your organization with Arctic Wolf.

  1. Sign in to your ServiceNow instance.

  2. Click All > Incident > Create New, and then configure these settings:

    • Caller — Enter AWN Integration.
    • Company — Enter the organization that this incident relates to.
    • Configure the remaining fields as appropriate. See Create an incident for more information.
  3. If you included attachments, make sure that the total attachment size is less than 50 MB.

  4. Click Submit.