ServiceNow provides intelligent and automated workflows across the enterprise. It supports real-time communication, collaboration, and resource sharing across various functions.
This document provides information about the ServiceNow connector, which facilitates automated interactions, with a ServiceNow server using FortiSOAR™ playbooks. Add the ServiceNow connector as a step in FortiSOAR™ playbooks and perform automated operations, such as automatically adding a new incident record in ServiceNow tables and searching and retrieving information about ServiceNow records.
Connector Version: 1.0.3
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with ServiceNow Versions: 2.1.0 and later
Following changes have been made to the ServiceNow Connector in version 1.0.3:
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the ServiceNow connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | FQDN or IP for the ServiceNow server. For example, https://instance.service-now.com |
Username | Username to access the ServiceNow server. |
Password | Password to access the ServiceNow server. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. Defaults to True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Record | Adds a new record in the ServiceNow table that you have specified. | create_record Investigation |
Search Record | Searches for a record in the ServiceNow database. | search_record Investigation |
Update CyOPs Record | Updates a FortiSOAR™ record with ServiceNow ticket details. For example, this operation will update the system ID, description, and state of a ServiceNow ticket in a FortiSOAR™ record. | update_record Investigation |
Advanced Search | Executes a generalized query on a specified ServiceNow table. | search_query Investigation |
Update ServiceNow Record | Updates the specified ServiceNow record with the fields of the corresponding FortiSOAR™ record. | update_record Investigation |
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) in which you want to create the record. For example, incident. |
Record Information | Map the record field that is present in FortiSOAR™ to the ServiceNow record field stored in the dictionary. You can pass this information to the ServiceNow record field using dynamic variables. For example, Table Name: incident Record Information: {"short_description": "QRadar Offense", "urgency": "2", "impact": "2"} |
The JSON output contains the ID and the URL of the ServiceNow record created.
Following image displays a sample output:
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) in which you want to search for a record. |
Column Name | The key of the record that you want to search in the ServiceNow table. For example, incident. |
Value | The value of the record that you want to search in the ServiceNow table. For example, Incident ID. |
A JSON output contains the detailed information about the ServiceNow ticket retrieved based on the specified parameters.
Following image displays a sample output:
Parameter | Description |
---|---|
Update ServiceNow Ticket Details | The system ID, description, and state of a ServiceNow ticket that you want to update in the FortiSOAR™ record |
ServiceNow to CyOPs Mapping | The mapping of the description and status of the ServiceNow ticket with FortiSOAR™. The description field from ServiceNow maps to the description field in FortiSOAR™. The state field from ServiceNow maps to the status field in FortiSOAR™. |
Picklist Mapping | The mapping of the picklist values of the status of the ServiceNow ticket with a FortiSOAR™ record. |
A JSON output contains the detailed information about the specified ServiceNow ticket, including state and description, that requires to be updated in the FortiSOAR™ record.
Following image displays a sample output:
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) in which you want to search for a record. For example, incident. |
Advanced Search Query | The system ID, description, and state of a ServiceNow ticket. Using these parameters, create a generalized query to search for multiple fields in ServiceNow. For example, Table Name: incident Record Information: {"category=inquiry&number=INC0000059"} |
A JSON output contains the detailed information about the ServiceNow ticket retrieved based on the generalized query.
Following image displays a sample output:
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) that requires to be updated. |
ServiceNow Ticket Details | The details of the ServiceNow ticket that requires to be updated. Details can include system ID, description, state or any other field of the ServiceNow ticket. |
ServiceNow to CyOPs Mapping | The mapping of the description and status of the ServiceNow ticket with FortiSOAR™. The description field from ServiceNow maps to the description field in FortiSOAR™. The state field from ServiceNow maps to the status field in FortiSOAR™. |
Picklist Mapping | The mapping of the picklist values of the status of the ServiceNow ticket with FortiSOAR™. |
A JSON output contains the detailed information about the ServiceNow record updated with the fields of the corresponding FortiSOAR™ record.
Following image displays a sample output:
The Sample-ServiceNow-1.0.3
playbook collection comes bundled with the ServiceNow connector. This playbook contains steps using which you can perform all supported actions.
Note: The ServiceNow playbooks are compatible with FortiSOAR™ 4.10.2 and later since they include Schedules module and scheduling capability that was enhanced in FortiSOAR™ 4.10.2. Periodic playbook such as 'Get ServiceNow Open Tickets' use the Schedules module in FortiSOAR™ for adding the scheduling capability. For information on Schedules module, see the Schedules topic in the FortiSOAR™ documentation.
You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the ServiceNow connector.
You must update FortiSOAR™ Incidents
module to add the appropriate picklists and text fields, and map the Status
, Ticket Number
and SysID
of the ServiceNow incident to the equivalent fields in the FortiSOAR™ modules, see the Updating the FortiSOAR™ modules section. This ensures that when the Status
, Ticket Number
or SysID
of a ServiceNow incident is updated, the corresponding incident gets updated in the FortiSOAR™ Incidents
module using the included playbooks.
Note: By default, playbooks that perform bi-directional updates are in the inactive state and therefore you must activate the playbooks to validate the bidirectional update. Once the integration is working, it is recommended that you create a clone of the included playbooks in a new playbook collection and customize them as per your need and deactivate or delete the samples as they might be overwritten during the connector updates.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Note: This procedure assumes that you are using FortiSOAR™ version 4.10.2. If you are using a different version of FortiSOAR™, such as FortiSOAR™ 4.9, then it is possible that the FortiSOAR™ UI navigation is different. Refer to the FortiSOAR™ documentation of that particular version for details about FortiSOAR™ navigation.
Perform the following steps to add the Status
, Ticket Number
and SysID
fields to the FortiSOAR™ Incidents
modules:
Picklist Editor
and create a picklist named ServiceNowTicketStatus
, click Settings and in the Application Editor
section, and click Picklists:
CreateServiceNowTicket
as follows:
Incidents
Module as follows:
Module Editor
, click Settings and then click Modules in the Application Editor
section.Modules
page, from the Select a module to edit or create a new module drop-down list, select Incidents.servicenowTicketStatus
.ServiceNow Ticket Status
.createServicenowTicket
.Create ServiceNow Ticket
.Incidents
module, click the + (Add Field) icon and add a new field with the following properties:snTicketNumber
.ServiceNow Ticket Number
.Incidents
module, click the + (Add Field) icon and add a new field with the following properties:snSysid
.ServiceNow SysID
.
ServiceNow provides intelligent and automated workflows across the enterprise. It supports real-time communication, collaboration, and resource sharing across various functions.
This document provides information about the ServiceNow connector, which facilitates automated interactions, with a ServiceNow server using FortiSOAR™ playbooks. Add the ServiceNow connector as a step in FortiSOAR™ playbooks and perform automated operations, such as automatically adding a new incident record in ServiceNow tables and searching and retrieving information about ServiceNow records.
Connector Version: 1.0.3
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with ServiceNow Versions: 2.1.0 and later
Following changes have been made to the ServiceNow Connector in version 1.0.3:
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the ServiceNow connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | FQDN or IP for the ServiceNow server. For example, https://instance.service-now.com |
Username | Username to access the ServiceNow server. |
Password | Password to access the ServiceNow server. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. Defaults to True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Record | Adds a new record in the ServiceNow table that you have specified. | create_record Investigation |
Search Record | Searches for a record in the ServiceNow database. | search_record Investigation |
Update CyOPs Record | Updates a FortiSOAR™ record with ServiceNow ticket details. For example, this operation will update the system ID, description, and state of a ServiceNow ticket in a FortiSOAR™ record. | update_record Investigation |
Advanced Search | Executes a generalized query on a specified ServiceNow table. | search_query Investigation |
Update ServiceNow Record | Updates the specified ServiceNow record with the fields of the corresponding FortiSOAR™ record. | update_record Investigation |
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) in which you want to create the record. For example, incident. |
Record Information | Map the record field that is present in FortiSOAR™ to the ServiceNow record field stored in the dictionary. You can pass this information to the ServiceNow record field using dynamic variables. For example, Table Name: incident Record Information: {"short_description": "QRadar Offense", "urgency": "2", "impact": "2"} |
The JSON output contains the ID and the URL of the ServiceNow record created.
Following image displays a sample output:
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) in which you want to search for a record. |
Column Name | The key of the record that you want to search in the ServiceNow table. For example, incident. |
Value | The value of the record that you want to search in the ServiceNow table. For example, Incident ID. |
A JSON output contains the detailed information about the ServiceNow ticket retrieved based on the specified parameters.
Following image displays a sample output:
Parameter | Description |
---|---|
Update ServiceNow Ticket Details | The system ID, description, and state of a ServiceNow ticket that you want to update in the FortiSOAR™ record |
ServiceNow to CyOPs Mapping | The mapping of the description and status of the ServiceNow ticket with FortiSOAR™. The description field from ServiceNow maps to the description field in FortiSOAR™. The state field from ServiceNow maps to the status field in FortiSOAR™. |
Picklist Mapping | The mapping of the picklist values of the status of the ServiceNow ticket with a FortiSOAR™ record. |
A JSON output contains the detailed information about the specified ServiceNow ticket, including state and description, that requires to be updated in the FortiSOAR™ record.
Following image displays a sample output:
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) in which you want to search for a record. For example, incident. |
Advanced Search Query | The system ID, description, and state of a ServiceNow ticket. Using these parameters, create a generalized query to search for multiple fields in ServiceNow. For example, Table Name: incident Record Information: {"category=inquiry&number=INC0000059"} |
A JSON output contains the detailed information about the ServiceNow ticket retrieved based on the generalized query.
Following image displays a sample output:
Parameter | Description |
---|---|
Table Name | The name of the table (in the ServiceNow database) that requires to be updated. |
ServiceNow Ticket Details | The details of the ServiceNow ticket that requires to be updated. Details can include system ID, description, state or any other field of the ServiceNow ticket. |
ServiceNow to CyOPs Mapping | The mapping of the description and status of the ServiceNow ticket with FortiSOAR™. The description field from ServiceNow maps to the description field in FortiSOAR™. The state field from ServiceNow maps to the status field in FortiSOAR™. |
Picklist Mapping | The mapping of the picklist values of the status of the ServiceNow ticket with FortiSOAR™. |
A JSON output contains the detailed information about the ServiceNow record updated with the fields of the corresponding FortiSOAR™ record.
Following image displays a sample output:
The Sample-ServiceNow-1.0.3
playbook collection comes bundled with the ServiceNow connector. This playbook contains steps using which you can perform all supported actions.
Note: The ServiceNow playbooks are compatible with FortiSOAR™ 4.10.2 and later since they include Schedules module and scheduling capability that was enhanced in FortiSOAR™ 4.10.2. Periodic playbook such as 'Get ServiceNow Open Tickets' use the Schedules module in FortiSOAR™ for adding the scheduling capability. For information on Schedules module, see the Schedules topic in the FortiSOAR™ documentation.
You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the ServiceNow connector.
You must update FortiSOAR™ Incidents
module to add the appropriate picklists and text fields, and map the Status
, Ticket Number
and SysID
of the ServiceNow incident to the equivalent fields in the FortiSOAR™ modules, see the Updating the FortiSOAR™ modules section. This ensures that when the Status
, Ticket Number
or SysID
of a ServiceNow incident is updated, the corresponding incident gets updated in the FortiSOAR™ Incidents
module using the included playbooks.
Note: By default, playbooks that perform bi-directional updates are in the inactive state and therefore you must activate the playbooks to validate the bidirectional update. Once the integration is working, it is recommended that you create a clone of the included playbooks in a new playbook collection and customize them as per your need and deactivate or delete the samples as they might be overwritten during the connector updates.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Note: This procedure assumes that you are using FortiSOAR™ version 4.10.2. If you are using a different version of FortiSOAR™, such as FortiSOAR™ 4.9, then it is possible that the FortiSOAR™ UI navigation is different. Refer to the FortiSOAR™ documentation of that particular version for details about FortiSOAR™ navigation.
Perform the following steps to add the Status
, Ticket Number
and SysID
fields to the FortiSOAR™ Incidents
modules:
Picklist Editor
and create a picklist named ServiceNowTicketStatus
, click Settings and in the Application Editor
section, and click Picklists:
CreateServiceNowTicket
as follows:
Incidents
Module as follows:
Module Editor
, click Settings and then click Modules in the Application Editor
section.Modules
page, from the Select a module to edit or create a new module drop-down list, select Incidents.servicenowTicketStatus
.ServiceNow Ticket Status
.createServicenowTicket
.Create ServiceNow Ticket
.Incidents
module, click the + (Add Field) icon and add a new field with the following properties:snTicketNumber
.ServiceNow Ticket Number
.Incidents
module, click the + (Add Field) icon and add a new field with the following properties:snSysid
.ServiceNow SysID
.