ServiceNow Vulnerability

The ServiceNow Vulnerability Management allows you to identify, prioritize, and respond to software issues and misconfigurations that could be exploited by attackers. For more information refer to the ServiceNow’s official documentation.

Integration Method: API

Tables: Vulnerability Finding Class (2002)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should have access to the ServiceNow Vulnerability Admin privileges for creating an OAuth API endpoint for external clients.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate API credentials on the ServiceNow console with the required user roles.

   1. Create OAuth client application.

   2. Create user.

   3. Assign roles to user.

2. Add the ServiceNow data feed integration in the DataBee console with the required API credentials.

   DataBee Parameter	ServiceNow Parameter
   Client Key	Client ID
   Client Secret	Client Secret
   Username	User ID
   Password	Password
   Token URL:<instance>	ServiceNow Instance
   API URL :<instance>	ServiceNow Instance

ServiceNow Configuration

The scope mechanism limits an application request. ServiceNow platform supports authentication scopes to allow admins to limit access of an OAuth client application to a specific REST API.

Create OAuth client application

1. Get the ServiceNow instance from the URL as highlighted below.
    

2. Navigate to All.

   1. In the search bar, enter System OAuth.

   2. Navigate to System OAuth > Application Registry.
       

3. Click on the New button.
    

4. On the Interceptor page, click Create an OAuth API endpoint for external clients.
    

5. Fill in the required details in the form:

   1. Name: enter a unique name for OAuth client application.

   2. Client ID: automatically generated by the ServiceNow OAuth server.

   3. Client Secret: enter Client secret for the OAuth application or leave empty for auto generation.

      Copy the Client ID for later use.

6. Click on the Submit button.

   
   

7. Select the Application created in the previous step from the Application Registries list.

   

8. Click on Lock icon then save the Client Secret for later user.
    

   Name	Unique Name that identifies the application
   Client ID	This is auto generated by the instance and is used in DataBee.
   Client Secret	This is auto generated by the instance and is used in DataBee.
   Refresh Token Lifespan	8,640,000 seconds (100 days) & can be increased.
   Access Token Lifespan	1800 seconds (30 Minutes) & can be increased.

Create User

1. Navigate to All.

   1. In the search bar, enter User Administration.

   2. Navigate to User Administration > Users.

   

2. Click on the New button. The “Create User” form window will appear.
    

3. Fill in the required fields to create a user:

   1. User ID: enter a unique username.

   2. First Name: enter the user's first name.

   3. Last Name: enter the user's last name.

   4. Time Zone: set to GMT/UTC to ensure the API response includes GMT/UTC dates.

   5. Date Format: set to System (yyyy-MM-dd).

   6. Active: ensure the checkbox is selected.

   7. Locked Out: ensure the checkbox is not selected.

   The user must be active and not locked out to allow the instance to generate an access token for OAuth.

   Copy the User ID for later use.

   Click the Submit button.

   

4. Search username for the ‘User ID’ created in the previous step and click on it.
    

5. Click on the Set Password button.
    

6. Click on the Generate button and copy the password for later use.

   1. Click on the Save Password button.

   2. Click on the Close button.
       

Assign roles to user

1. Go to Roles tab and click on Edit to assign roles to user.
    

2. In the search bar:

   1. Enter "sn_vul.read_all" and select it. Click the Add button.

   2. Click the Save button.
       

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for Servicenow Vulnerability and click it as shown below.
    

3. Click on the API Ingest option for collection method.
    

4. Enter feed contact information and click Next.
    

5. In the configuration page, confirm the following:

   • API Base URL: replace <instance> with your ServiceNow Instance.

   • Authorization Method: OAuth2

   • Username: paste the User ID.

   • Password: paste the Password.

   • Client Key: paste the Client ID generated earlier in the ServiceNow Platform.

   • Client Secret: paste the Client Secret generated earlier in the ServiceNow Platform.

   • Token URL: replace <instance> with your ServiceNow Instance.

   • Event Types: preselected for all the event types that integration pulls.

    

6. Click Submit.

Troubleshooting Tips

• Ensure the client key, client secret, instance, username and password are pasted correctly. Since you cannot view the client key and secret after the 1^st time, re-create the creds, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• Make sure the required user role is assigned.