Utilize Chariot’s continuous monitoring capabilities to identify and address potential security vulnerabilities and feed that critical data into ServiceNow’s incident and problem management workflows.
Overview
This guide will walk you through integrating Chariot with ServiceNow, which involves:
- Setting up a REST API endpoint in ServiceNow
- Creating a dedicated service account in ServiceNow
- Base64 encoding the service account credentials
- Obtaining the full Scripted REST API URL
- Configuring the integration in Chariot
Setting up a REST API endpoint in ServiceNow
In order to integrate Chariot with ServiceNow, you must set up ServiceNow to receive a POST request from the Chariot Webhook. To process the content in the Webhook POST request, we recommend you set up a processor using ServiceNow's Scripted REST API feature. In ServiceNow Xanadu, it is accessed via All > System Web Services > Scripts Web Services > Scripted REST APIs.
Learn more about ServiceNow Scripted REST API here.
In the Scripted REST APIs page, click New to create a new API endpoint:
Enter "Praetorian Chariot Webhook" in the Name field; and enter "praetorian_chariot_webhook" in the API ID field. Click Submit afterwards:
After submitting, a base API path will be generated for you. This base path, together with the hostname of your ServiceNow instance, is the Scripted REST API URL when configuring the ServiceNow integration in Chariot:
Further, create a resource:
Enter "Notification" in the Name field. And "/notification" in the Relative path field. Choose POST for HTTP method.
Make sure to enable Requires authentication. Chariot uses the HTTP Basic Authentication method to authenticate to ServiceNow:
At this point, you have everything you need to configure the ServiceNow integration in Chariot.
Setting up the Service Account
Log in to ServiceNow with administrator privileges.
For quick navigation, within ServiceNow, at the top right, go to All, type Users and then navigate to User Administration → Users.
At the top right, click New.
After configuring the service account to your needs, click submit. To set the service account password, you first need to save the record and then click Set Password.
Once the username and password are set for the service account, copy both values for base64 encoding.
Base64 Encoding Credentials
The ServiceNow integration requires Base64 encoded credentials in the format username:password. Here's how to generate them:
Windows PowerShell
$credentials = "username:password"
$encodedCredentials = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($credentials))
Write-Output $encodedCredentials
macOS/Linux Terminal
echo -n "username:password" | base64
Replace "username:password" with your actual ServiceNow service account credentials. Save the encoded output - you'll need it when configuring the integration in Chariot.
Obtaining the full Scripted REST API URL
From your ServiceNow instance, copy the URL in the browser. The hostname look like this: <yourInstanceIdentifier>.service-now.com
The base API path can be found on your Scripted REST API page. It will look like this:
/api/x_1234567_name/chariot_rest_api
The relative path is the /notification path that was added during the api creation.
All together this might look something like this:
<yourInstanceIdentifier>.service-now.com/api/x_1234567_name/chariot_rest_api/notificationConfiguring in Chariot
Setting up ServiceNow notifications in Chariot is straightforward. Begin by navigating to Settings and locating the Notifications section. Here you'll find an "Add Notifications" button that opens a selection of available notification workflows, including ServiceNow alongside other options like Slack, Jira, and Microsoft Teams.
Click "Connect" on the ServiceNow card to open the configuration dialog. You'll need to provide three key pieces of information: your Scripted REST API URL, Basic Auth Token, and your preferred minimum vulnerability severity threshold (ranging from info to critical). This severity setting lets you control which alerts flow through to your ServiceNow instance based on your organization's needs.
Scripted REST API URL: This is hostname + Base API path + Relative path. It usually reads like this: https://your-company.service-now.com/api/snc/praetorian_chariot_webhook/notification.
Basic Auth Token: This is the basic authentication header. It usually reads like this: Basic am9obkBleGFtcGxlLmNvbTphYmMxMjM=
Severity: Select the minimum severity level to by notified.
Once you set up Chariot with ServiceNow, add a handler for the Webhook POST request in your ServiceNow instance. ServiceNow supports Javascript in their Scripted REST APIs.
Your handler should expect to receive a vulnerability payload that reads like the following JSON:
{
"dns": "public-facing-api.domain.com",
"name": "192.168.15.30",
"finding": "exposed-administration-interface",
"source": "webhook"
}
You can use this information to create an incident or trigger other workflows using the Javascript handler.
Now, vulnerabilities found by Chariot automatically show up in your ServiceNow workflow for streamlined remediation.
We hope this documentation has been helpful. If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!