Sending Alerts to ServiceNow

ServiceNow is a platform for managing tickets, incidents, and organizational flows. CloudGuard generates findings and sends them to ServiceNow, which records them as new ServiceNow incidents. These can be managed as tickets in ServiceNow and, when resolved, are cleared from CloudGuard in the next assessment.

This page describes the CloudGuard configuration only. To configure your ServiceNow account, install the CloudGuard Dome9 integration app from the ServiceNow store and follow the instructions in the Installation Guide (click to download).

To send a report to ServiceNow:

  1. In CloudGuard, navigate to Settings > Notifications and click Add Notification.

  2. Enter the applicable options as described in Notifications.

  3. In the Immediate Notification section, select Send to HTTP Endpoint. The section of endpoint parameters opens.

    1. Below Endpoint URL, enter your ServiceNow domain URL, for example, https://instance-name.service-now.com/api/x_chpst_dome9/alerts, and select the ServiceNow option.

    2. Set Authentication Type to Basic.

    3. Below Username and Password, enter the credentials for the user that you created for this application role.

    4. Below Endpoint URL, click the Test button to check the integration configuration. If it is correct, you see the message that the Webhook test succeeded.

  4. Click Save.