Utilize Chariot’s continuous monitoring capabilities to identify and address potential security Risks and feed that critical data into ServiceNow’s incident and problem management workflows.
In order to integrate Chariot with ServiceNow, you must set up ServiceNow to receive a POST
request from the Chariot Webhook. To process the content in the Webhook POST request, we recommend you set up a processor using ServiceNow's Scripted REST API feature. In ServiceNow Xanadu, it is accessed via All > System Web Services > Scripts Web Services > Scripted REST APIs.
Learn more about ServiceNow Scripted REST API here.
In the Scripted REST APIs page, click New to create a new API endpoint:
Enter "Praetorian Chariot Webhook" in the Name field; and enter "praetorian_chariot_webhook" in the API ID field. Click Submit afterwards:
After submitting, a base API path will be generated for you. This base path, together with the hostname of your ServiceNow instance, is the Scripted REST API URL when configurating the ServiceNow integration in Chariot:
Further, create a resource:
Enter "Notification" in the Name field. And "/notification" in the Relative path field. Choose POST for HTTP method.
Make sure to enable Requires authentication. Chariot uses the HTTP Basic Authentication method to authenticate to ServiceNow:
At this point, you have everything you need to configure the ServiceNow integration in Chariot. To do that, go to the Organization Settings page and click Add Push Notification in the Push Notification section. Click the ServiceNow tile to reveal the following configuration dialog:
Scripted REST API URL: This is hostname + Base API path + Relative path. It usually reads like this: https://your-company.service-now.com/api/snc/praetorian_chariot_webhook/notification.
Basic Auth Token: This is the basic authentication header. It usually reads like this: Basic am9obkBleGFtcGxlLmNvbTphYmMxMjM=
Severity: Select the minimum severity level to by notified.
Once you set up Chariot with ServiceNow, add a handler for the Webhook POST request in your ServiceNow instance. ServiceNow supports Javascript in their Scripted REST APIs.
Your handler should expect to receive a risk payload that reads like the following JSON:
{
"dns": "public-facing-api.domain.com",
"name": "192.168.15.30",
"finding": "exposed-administration-interface",
"source": "webhook"
}
You can use this information to create an incident or trigger other workflows using the Javascript handler.
Now, Risks found by Chariot automatically show up in your ServiceNow workflow for streamlined remediation.
We hope this documentation has been helpful. If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!