ServiceNow ConfigurationUpdated Nov 29, 2023
- Configure ServiceNow to integrate with Arctic Wolf
- Create a ServiceNow ticket for Arctic Wolf
You can configure ServiceNow® to synchronize incident tickets with Arctic Wolf®.
- These ServiceNow accounts:
- An account with the first name AWN, last name Integration, and User ID AWN.Integration that is used for a business rule filter.
- A service account
Note: The service account and the AWN.Integration account can either be the same account or separate accounts. Both accounts can have Web service access only selected in their user settings.
- This information provided by Arctic Wolf:
- ServiceNow update sets
- A webhook URL and security token
- Download the awn-servicenow-update-set file to use in Import ServiceNow update sets.
- Contact your Concierge Security® Team (CST) at firstname.lastname@example.org to determine if ServiceNow Data Policy settings that are applied to the Incident table will impact integration.
- Provide your credentials to Arctic Wolf.
- Import ServiceNow update sets.
- Assign integration account role.
- Provide integration information to Arctic Wolf.
- Update ServiceNow system properties.
Sign in to the Arctic Wolf Unified Portal.
In the menu bar, click Telemetry Management > Connected Accounts.
Click Add Account +.
On the Add Account page, in the Account Type list, select ITSM Ticketing Integration.
In the Cloud Service list, select ITSM ServiceNow Account.
On the Add Account page, in the Select a Cloud service section, configure these settings:
- Account Type — Select ITSM Ticketing Integration.
- Search Services — Select ITMS ServiceNow Account.
On the Add Account page, in the Add account information section, configure these settings:
- Account Name — Enter a unique and descriptive name for the account.
- ServiceNow URL — Enter the URL of the production ServiceNow tenant.
Note: The URL must include
https://. For example,
- ServiceNow Username — Enter the User ID for the service account that will be used for the Arctic Wolf integration.
Note: If one account is being used for both the service account and for business rule filtering, then the User ID must be AWN.Integration. See Requirements for more information.
- ServiceNow Password — Enter a password for the service account.
- Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
Click Test and submit credentials.
After Arctic Wolf configures the integration for your account, the status of your credentials changes to Healthy.
Note: An AWN.Integration account must be created before completing this procedure. See Requirements for more information.
- Sign in to your ServiceNow instance using administrator permissions.
- In the Filter navigator search bar, enter
Retrieved Update Sets.
- In the search results, in the System Update Sets section, select Retrieved Update Sets.
- For each update set received from Arctic Wolf, complete these steps:
- On the Retrieved Update Sets page, in the Related Links section, click Import Update Set from XML.
- On the Import XML page, click Browse.
- Select the Arctic Wolf update set that you downloaded in Before you begin.
- Click Upload.
- On the Retrieved Update Sets page, select the name of the Arctic Wolf update set.
- Click Preview Update Set.
- If there are conflicts between
sys_propertiesin the update set and your ServiceNow instance, click Skip Remote Update to maintain your existing
- For any remaining conflicts, select Accept Remote Update to accept the new changes.
- Click Close.
- Click Commit Update Set.
- Click Close, when you are prompted by the "Succeeded 100%" message.
- In the Filter navigator search bar, enter
- In the search results, in the User Administration section, select Users.
- Select the service account that was submitted in Provide ServiceNow credentials to Arctic Wolf.
- Click the Roles tab.
- Click Edit.
- In the Collection section, select AWN Integration Role.
- Click > Add to add the role from Collection to the Roles List.
- Click Save.
Note: You must provide the information from this procedure to Arctic Wolf before you can proceed to Update ServiceNow system properties.
Send this integration information to your CST at email@example.com:
- Assignment group sys ID
- Assignment group name
- Priority Mappings — From your Priority Lookup Rule, the numerical value for the impact and urgency that correspond to Low, Moderate, High, and Critical priority.
- Closure State — Resolved, Closed, or Custom
- Re-opening State — New, In Progress, or Custom
- Company sys ID
- Company name
After providing this information to your CST, they will provide the webhook URL and security token that you need to complete the ServiceNow integration process.
- In the Filter navigator bar, enter
- On the System Properties page, click ArcticWolf_ENDPOINT_WEBHOOK_URL.
- In the Value field, replace
TO_DO_GET_FROM_ARCTIC_WOLFwith the webhook URL provided by Arctic Wolf.
- Select Ignore cache, if it is not already selected.
- Click Update.
- Repeat this process to update the
ArcticWolf_ENDPOINT_WEBHOOK_TOKENsystem property with the security token provided by Arctic Wolf.
- Complete Verifying ServiceNow Permissions.
After you have configured the ServiceNow integration, you can create a ticket for any incident.
Note: The email address of the person creating the ticket in ServiceNow must be listed as a contact of your organization with Arctic Wolf.
Sign in to your ServiceNow instance.
Click All > Incident > Create New, and then configure these settings:
- Caller — Enter AWN Integration.
- Company — Enter the organization that this incident relates to.
- Configure the remaining fields as appropriate. See Create an incident for more information.
If you included attachments, make sure that the total attachment size is less than 50 MB.