icon-zcspm.svg
ZCSPM

Integrating with ServiceNow

ZCSPM leverages ServiceNow APIs to automatically create tickets when a misconfiguration is detected. You can configure ZCSPM to create problems, incidents, and problem tasks on ServiceNow whenever a set of security policies fail on chosen cloud accounts:

  • Problem: ZCSPM creates a new ServiceNow problem whenever it detects a new security policy failure for a license. The problem description is the security policy title.
  • Incident: ZCSPM creates a new incident for a problem whenever it detects new assets are failing, even if the incident is for the same security policy. Incidents have the ZCSPM Account Name and the cloud service provider ID such as an AWS Account ID, or an Azure Subscription ID.
  • Problem Task: ZCSPM creates a problem task for every incident it creates with the following information:
    • Summary
    • List of failed assets
    • Audit instructions
    • Remediation instructions

Ensure that your ServiceNow instance is online.

To integrate ZCSPM with ServiceNow:

  1. Log in to the ZCSPM admin portal and navigate to Configurations > Integrations.
  2. Under Incident Management, click Edit.

  1. From the Select Ticketing System drop-down menu, select ServiceNow.
  2. Click Configure. In the Configure ServiceNow pop-up window:
    • Instance Name: Enter the ServiceNow instance name.
    • Instance Username: Enter the ServiceNow instance username.
    • Instance Password: Enter the ServiceNow instance password.
    • Assign Ticket To: Enter an email address. Tickets created by ZCSPM using this integration are assigned to this email address.
    • Custom Fields: (Optional) Click Add Custom Field to add additional parameters which ZCSPM should send to ServiceNow:
      • Field Name: Enter the field name, e.g., Severity.
      • Field Value: Enter the field value. e.g., Configuration item.
      • Field Type: Choose between incident, problem, or problem task.

    If you create custom fields, certain values for the specified type cannot be used because ZCSPM uses the values to send misconfiguration information, such as policy title:

    • If the custom Field Type is Problem, do not use the following values:
      • short_description
      • description
    • If the custom Field Type is Incident, do not use the following values:
      • short_description
      • description
      • problem_id
      • state
      • priority
      • urgency
      • impact
      • assigned_to
      • caller_id
    • If the custom Field Type is Problem Task, do not use the following values:
      • short_description
      • description
      • problem
      • workaround
      • problem_task_type
  3. Click Save.
  4. Under Ticket Creation Frequency, select one of the following:
    • None
    • Daily
    • Weekly
    • Monthly
  5. Under Select Accounts, select one of the following:
    • All Accounts: Choose this if you want to enable the integration for all accounts.
    • Selected Accounts: Choose this if you want to enable the integration for only some accounts. Search for the accounts you want. Then click Move Right to include the accounts.
  6. Select a cloud service provider, then move the available categories in to the following categories:
    • High Priority
    • Medium Priority
    • Low Priority
    ZCSPM creates tickets with the following parameters for different priority categories:
    ZCSPM Priority Category ServiceNow Ticket Impact ServiceNow Ticket Urgency ServiceNow Ticket Priority
    High 2 1 2
    Medium 1 3 3
    Low 3 3 4
  7. Click Save.

Related Articles
Integrating with ServiceNowIntegrating with Zendesk