ServiceNow Ticketing Integration

Cisco Vulnerability Management’s ticketing integrations allow customers to take advantage of our powerful prioritization and reporting platform to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Cisco Vulnerability Management prioritizes for you. With the ServiceNow Ticketing Integration, you can choose between the Incidents table or the Requests table. 

Adding the ServiceNow Ticketing Connector

Creating a ServiceNow Ticket

Data Flow between Cisco Vulnerability Management and ServiceNow Ticketing

Advanced Options/Custom Templates

Additional Assistance

Prerequisites

  • Ensure the user account has access to the templates that you want to use through the user/group setting or by setting the template to Global.
  • The user account must have read/write access to the Incidents table and the ITIL role or equivalent is recommended.
  • The user account must have read access to the sys_choice table.

Configuring the ServiceNow Ticketing Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Ticketing section, click ServiceNow Ticketing.

ServiceNow-Ticketing-UI.png

4. On the ServiceNow page, enter the following information:

ServiceNow_Ticketing_Connector.png

  • Name: Enter a name for the connector, or leave it as ServiceNow.
  • Username and Password: Enter the credentials for the account you're using.
  • Host: Enter the information for the ServiceNow host.
  • Templates: Select the templates that you want to use.

5. Click Save and Verify.

Creating a ServiceNow Ticket for a Vulnerability or a Fix

You can create tickets to either address a vulnerability (or set of vulnerabilities) or apply a fix directly in .Cisco Vulnerability Management You can create tickets from both the Vulnerabilities tab and the Fixes tab.

1. In the Cisco Vulnerability Management UI, click VM > Explore.
2. Click the Vulnerabilities tab or the Fixes tab.
3. Select a vulnerability or a fix in the list.
4. Click the ServiceNow Ticket button.

ServiceNow_Ticket.png

Creating a ServiceNow Ticket for a Top Fix Group

You can create a ServiceNow ticket for any Top Fix group after your connector is created. Each group can contain up to three fixes, all of which will included in the ServiceNow ticket when it is opened.
1. In the Cisco Vulnerability Management UI, click VM > Dashboard.
2. Click the Top Fixes button for the group that you want to open a ticket for.
3. Click the ServiceNow issue button.

FixGroups.png

4. On the ServiceNow Connector page, a standard set of fields with choice values loaded from your specific ServiceNow instance displays. Users can select data for any of the fields. The Short Description and Description fields are pre-populated with the appropriate vulnerability or fix data.

Request.png

 

Viewing ServiceNow ticket information

Whether the ServiceNow ticket creation is initiated from Vulnerabilities, Fixes, or Fix Groups, incident metadata becomes specifically tied to the associated vulnerabilities. Visually that is displayed in Cisco Vulnerability Management in multiple ways. First, any vulnerability with an associated ticket will display in orange on the Vulnerabilities tab.

CVE.png

The specific ServiceNow Incident number is displayed on the Vulnerability Details page for the vulnerability. To get to the Vulnerability Details page, click on the vulnerability name or the blue arrow.

External_ID.png

 

Incident details are at the bottom right-hand side of the vulnerability detail page. When you click the link to “View Incident”, you will be directed to the Incident Ticket in your ServiceNow instance.

Incidents.png

Data Flow between Cisco Vulnerability Management and ServiceNow Ticketing

Data flow between Cisco Vulnerability Management and ServiceNow is somewhat bi-directional. Tickets in ServiceNow are populated with asset, vulnerability, and fix information from Cisco Vulnerability Management. A nightly data synchronization will pull in the service ticket number and ticket status from ServiceNow but will not update the vulnerability status in Cisco Vulnerability Management. Therefore, status changes of Open/Closed/Deleted made to a ticket in ServiceNow as part of the remediation workflow are synchronized back to Cisco Vulnerability Management. However, any vulnerabilities associated with the ticket will not be marked as closed until data is retrieved from the scanning platform confirming the vulnerability is fixed. Once the ticket has been created in ServiceNow, a notification bar will appear at the top of the page with the incident number which is a link to the new ticket in ServiceNow.

ServiceNow ticket data is fully accessible from Cisco Vulnerability Management and can be used as filter criteria from the right hand search pane in the VM Explore view as shown below.

Data_flow.png

Advanced Options/Custom Templates

The Cisco Vulnerability Management SeviceNow Ticketing integration is built on the default Incidents table in ServiceNow, but Cisco Vulnerability Management can use other tables such as the Change, Problem, or Requests table. To use a different table, you will need to provide the table name to the Cisco Customer Experience team to configure. Regardless of which table you choose, the default fields will be based on the Incidents table and currently cannot be changed. The following are the default fields Cisco Vulnerability Management will import:

Category Caller
Subcategory Assignment Group
Impact Assign To
Urgency Short Description
Priority Description

Cisco Vulnerability Management will connect to ServiceNow to retrieve the list of available choices for each of the listed fields and display them in the form presented to the Cisco Vulnerability Management user. The options displayed for each field will be retrieved from the Incident table first and then from the Tasks table if choices are not defined on the Incidents table. Changes to the choices should be made in the Tables section of ServiceNow. If you would like to increase the character limit for the description field, this can be increased up to 4,000 characters.

To ensure efficient and effective integration of Cisco Vulnerability Management into your existing operational process, you can develop and use custom templates in Cisco Vulnerability Management. Custom templates allow for preselected values to be set for Cisco Vulnerability Management created tickets, saving users the time of having to find and select values for each of the fields. Example: If 90% of your tickets will have the same Category, Subcategory and Assignment Group, you can create a custom template which will prevent users from having to select those values every time they enter a ticket.

DemoTemplate.png

The form that displays in Cisco Vulnerability Management based on the above template will display “ServiceNow Template Preset” text for each of the fields where the user is not required to make a selection. However, the full list of choices is available if the user needs to make a non-standard selection.

Template_Preset.png

Additional static fields can be added to the custom template but they will not be displayed to users as selectable fields, instead they will be listed as “Additional Preset Fields” at the bottom of the form for information purposes only. For example, this False Positive template has a number of preset fields at the bottom.

FalsePositive_Template.png

Note: Cisco Vulnerability Management uses the Short Description and Description fields to populate vulnerability and fix data. However, if you prefer, you can enter data in the Short Description and Description fields in your custom template and Cisco Vulnerability Management will use that data to populate the fields that display in the ServiceNow Connector page that displays when you click the ServiceNow Ticket button.

Additional Assistance

Troubleshooting Tips:

  1. If fields on your template never change from the status “Loading…”, try adding choice values specifically on the Incident table in addition to the definition on the Tasks table.
  2. The Template cache is refreshed hourly. During iterative testing of templates, you will need to delete and re-add the ServiceNow Connector if you want to see template changes immediately. No ticket data will be removed from vulnerabilities even when any warnings suggest otherwise.

Contact Support if you require any additional assistance with the ServiceNow Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.