ServiceNow

ServiceNow

Utilize the Praetorian Guard Platform's (PGP) continuous monitoring capabilities to identify and address potential security vulnerabilities and feed that critical data into ServiceNow's incident and problem management workflows.

Overview

Setting up the integration involves:

  1. Creating a Scripted REST API endpoint in ServiceNow

  2. Creating a dedicated service account in ServiceNow

  3. Base64 encoding the service account credentials

  4. Obtaining the full Scripted REST API URL

  5. Configuring the integration in Guard

Setting up a REST API endpoint in ServiceNow

In order to integrate PGP with ServiceNow, you must set up ServiceNow to receive a POST request from the PGP Webhook. To process the content in the Webhook POST request, we recommend you set up a processor using ServiceNow's Scripted REST API feature. In ServiceNow Xanadu, it is accessed via All > System Web Services > Scripts Web Services > Scripted REST APIs.

Learn more about ServiceNow Scripted REST API here.

In the Scripted REST APIs page, click New to create a new API endpoint:

Screenshot 2024-10-21 at 3.27.29 PM.png

Enter "Praetorian PGP Webhook" in the Name field; and enter "praetorian_PGP_webhook" in the API ID field. Click Submit afterwards:

Screenshot 2024-10-21 at 7.36.47 PM.png

After submitting, a base API path will be generated for you. This base path, together with the hostname of your ServiceNow instance, is the Scripted REST API URL when configuring the ServiceNow integration in PGP:

Screenshot 2024-10-21 at 7.38.55 PM.png

Further, create a resource:

Screenshot 2024-10-21 at 7.32.25 PM.png

Enter "Notification" in the Name field. And "/notification" in the Relative path field. Choose POST for HTTP method.

Screenshot 2024-10-21 at 8.35.54 PM.png

Make sure to enable Requires authentication. PGP uses the HTTP Basic Authentication method to authenticate to ServiceNow:

Screenshot 2024-10-21 at 8.38.40 PM.png

At this point, you have everything you need to configure the ServiceNow integration in PGP.

Setting up the Service Account

Log in to ServiceNow with administrator privileges.

For quick navigation, within ServiceNow, at the top right, go to All, type Users and then navigate to User Administration → Users.

At the top right, click New.

After configuring the service account to your needs, click submit. To set the service account password, you first need to save the record and then click Set Password.

Once the username and password are set for the service account, copy both values for base64 encoding.

Base64 Encoding Credentials

The ServiceNow integration requires Base64 encoded credentials in the format username:password. Here's how to generate them:

Windows PowerShell

$credentials = "username:password"$encodedCredentials = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($credentials))Write-Output $encodedCredentials

macOS/Linux Terminal

echo -n "username:password" | base64

Replace "username:password" with your actual ServiceNow service account credentials. Save the encoded output - you'll need it when configuring the integration in PGP.

Obtaining the full Scripted REST API URL

From your ServiceNow instance, copy the URL in the browser. The hostname look like this: <yourinstanceidentifier>.service-now.com

The base API path can be found on your Scripted REST API page. It will look like this:

/api/x_1234567_name/PGP_rest_api

The relative path is the /notification path that was added during the api creation.

All together this might look something like this:

.service-now.com/api/x_1234567_name/PGP_rest_api/notification

Configuring in PGP

In Guard, navigate to Settings and locate the IT Service Management section under Notifications. Click Add Integration and select ServiceNow.

The setup form has three fields:

  • Scripted REST API URL (required) — The full URL constructed in the previous step.

  • Basic Auth Token (optional) — The Basic Authentication header value. Enter it in the format Basic <your-base64-encoded-credentials> (e.g., Basic am9obkBleGFtcGxlLmNvbTphYmMxMjM=).

  • Severity (required) — The minimum severity level for notifications. Guard will only send vulnerabilities that match the selected severity combination to ServiceNow. The default is Medium, High, and Critical.

Handling the Webhook Payload

Once the integration is active, Guard sends a POST request to your Scripted REST API endpoint whenever a vulnerability matching your severity threshold is discovered. Add a handler for the webhook payload in your ServiceNow Scripted REST API. ServiceNow supports JavaScript in their Scripted REST APIs.

Your handler should expect to receive a vulnerability payload in the following format:

{
   "dns": "public-facing-api.domain.com",
   "name": "192.168.15.30",
   "finding": "exposed-administration-interface",
   "source": "webhook"
}
Screenshot 2024-10-21 at 8.39.59 PM.png

You can use this information to create an incident or trigger other workflows using the Javascript handler.

Now, vulnerabilities found by PGP automatically show up in your ServiceNow workflow for streamlined remediation.

We hope this documentation has been helpful. If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!