How do I setup integration with ServiceNow?

Integrate and send tickets directly into ServiceNow. This allows for quicker and easier management of your vulnerabilities. The ticket status will be updated automatically in ServiceNow.

Integration setup

To integrate Holm Security with ServiceNow, follow the steps below.

  1. Log in to Security Center.
  2. Click on the Menu Icon in the top right corner.
  3. Click Integrations > Remediation > ServiceNow.
  4. Enable ServiceNow by checking the checkbox.
  5. Enter your ServiceNow cloud credentials:
    • Username
    • Password
    • URL
    • Ticket naming
  6. Click Establish Connection.
    Once connected, two drop downs will appear, allowing you to connect the integration with "Table" and "Assignment group."
    Note: Currently, you can choose between two tables, Ticket or Incident tables. When a ticket/incident is created, it will be automatically assigned to the chosen assignment group.
  7. Click OK
  8. Done!

Turn on the notifications for ServiceNow in Remediation > Setup > Enable ServiceNow notifications.

Ticket status update

Task status is being automatically synchronized with Vulnerability Manager and the remediation module - it means that if our scanner detects that vulnerability no longer exists, it will close the ticket (with status fixed) in the Remediation module and the ticket in ServiceNow.

Example scenario

  1. The scanner detected a vulnerability, which was reported in Vulnerability Manager.
  2. The security engineer verified the vulnerability and created a ticket from Security Center level (tickets can also be created automatically based on policy rules without any human interactions; read more about it in this article: How do I create a remediation policy? - tickets are being created in the Remediation module and ServiceNow, including all necessary descriptions.
  3. A responsible person remediates the vulnerability.
  4. The customer reruns the scan (scans can also run automatically if there is an active schedule setup).
  5. The scanner is verifying whether the previously defined vulnerability still exists - if not, the task is being closed both in the ServiceNow system and the remediation module.