ServiceNow vulnerability
  • 08 Jul 2024
  • 1 Minute to read
  • Contributors
  • Dark
    Light

ServiceNow vulnerability

  • Dark
    Light

Article summary

ServiceNow Vulnerability Response is a module within the ServiceNow platform that helps organizations manage the lifecycle of vulnerabilities, including identification, prioritization, remediation, and verification.

Setup and Configure

The scope is a mechanism to let an application request limited access to a user’s data. ServiceNow platform supports authentication scopes to allow admins to limit access of an OAuth client application to a specific REST API. 

Prerequisite Role required:  choose the admin role for Create an OAuth API endpoint for external clients.

Navigate to System OAuth > Application Registry and then click New. On the "interceptor" page, click Create an OAuth API endpoint for external clients and then fill in the form.

Name

Unique Name that identifies the application

Client ID

This will be auto-generated by the instance (to be provided to DataBee)

Client Secret

This will be auto-generated by the instance (to be provided to DataBee)

Refresh Token Lifespan

8,640,000 seconds (100 days) & can be increased

Access Token Lifespan

1800 seconds (30 Minutes) & can be increased


For OAuth, the 'grant type' will be Password credentials, the 'scope' will be useraccount and the 'token URL' will be https://instance.service-now.com/oauth_token.do.

Prerequisite Role for 'create user': user_admin

Create a user in the User table and make sure the 'Time Zone' field is set to UTC to get the UTC date in the API. This user should be active, not locked out so that instance can produce an access token for OAuth.

For example:

User ID

rest.user

Password

rest.user

Web service access only

true


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence