SUPPORT

Contact Support

OPEN A TICKET

Integrating Netsparker Enterprise with ServiceNow Incident Management

ServiceNow Incident Management is an issue-tracking system that helps organizations to manage issues. It also helps businesses prioritize and share tasks across departments. This means you can find precise indicators of problems to prevent issues, benchmark responses to responses, and predict future issues.

This topic explains how to configure Netsparker Enterprise to send a detected vulnerability to ServiceNow Incident Management.

Netsparker Enterprise has out-of-the-box support for resolving and reactivating ServiceNow Incident Management issues according to the scan results, in addition to automatic issue creation. Netsparker Enterprise uses user-provided resolved and reopened statuses in ServiceNow Incident Management for this purpose.

To enhance issue synchronization support, Netsparker Enterprise also offers webhook support. This enables you to detect any status changes in ServiceNow Incident Management issues opened by Netsparker Enterprise.

  • Netsparker Enterprise generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your ServiceNow Incident Management project, and enter your preferred Resolved and Reopen statuses, you will complete Netsparker Enterprise issue synchronization for your integration.
  • When you change your ServiceNow Incident Management issue’s status to your preferred Resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Netsparker Enterprise and a retest scan is started. If you select the After retesting, change the status of fixed vulnerabilities to Closed checkbox, the issue will be closed.
  • And, when you change your ServiceNow Incident Management issue’s status to your preferred Reopened status, your corresponding Netsparker Enterprise issue is automatically marked as revived.

For further information, see What Systems Does Netsparker Integrate With?.

ServiceNow Incident Management Fields

This table lists and explains the ServiceNow fields in the New ServiceNow Incident Management Integration window.

Button/Section/Field

Description

Name

This is the name of the configuration that will be shown elsewhere.

Mandatory

This section contains fields that must be completed.

URL

This is the ServiceNow instance URL.

Username

This is the name of the user. 

Password

This is the password that is used for the ServiceNow account.

Title Format

This is the string format that is used to create the vulnerability title.

Optional

This section contains optional fields.

Severity

This is the severity of the bug.

Caller ID

This is the ID of the person who reports the incident.

Category

This is the category in which to assign cases. The options are: Inquiry/Help, Software, Hardware, Network, Database, and Custom.

Reopen Status

Reopen Statuses vary according to the project type. Please write the correct values for your project type. This is the status of the reopened issues or tickets.

Resolved Status

Resolved Statuses vary according to the project type. Please write the correct values for your project type.

Template

This is the template file that is used to create description fields.

Due Days

This is the number of days from the date the issue was created to the date it’s due.

Assigned To 

This is the ID of the user to whom the issue is assigned.

Custom Fields

This section contains user-defined custom fields.

New Custom Field

Select to create a new custom field.

Name

Enter a name for the new custom field.

Value

Enter a value for the new custom field.

Drop-down

Select the drop-down to change the input type. The options are:

  • Text
  • Password
  • Textarea
  • File upload
  • Complex

Create Sample Issue

Once all relevant fields have been configured, select to create a sample issue.

How to Integrate Netsparker Enterprise with ServiceNow Incident Management

  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Integrations New Integration.
  3. From the Issue Tracking Systems section, select ServiceNow Incident Management

  1. In the Name field, enter a name for the integration.
  2. In the Mandatory section, complete the connection details:
    • URL (ServiceNow Server)
    • Username (The name must be unique)
    • Password
    • Title Format
  3. In the Optional section, complete as required.
  4. Select Create Sample Issue to confirm that Netsparker Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.
  5. In the confirmation message, click the Issue number link to open the issue in your default browser.
  6. If the ServiceNow Incident Management integration is not configured correctly, Netsparker Enterprise will correctly route descriptive error messages to you. Here is a sample error message.

  1. Select Save to save the integration.

How to Export Reported Vulnerabilities to Projects in ServiceNow Incident Management

There are several ways to send issues to ServiceNow Incident Management with Netsparker Enterprise:

  • Once notifications have been configured, you can configure Netsparker Enterprise to automatically send vulnerabilities after scanning has been completed (see How to Configure a Notification to Report Vulnerabilities to an Issue Tracking System).
  • You can send one or more issues from the Issues window:
    • You must have Manage Issue permission.
    • From the main menu, select Issues All Issues
    • Select one or more issues you want to send.
    • Select Send To > ServiceNow Incident Management.

    • A popup is displayed, with a link to the issue you have sent to ServiceNow Incident Management. If there is an error, this information will be displayed instead.

  • You can send an issue from the Recent Scans window:
    • From the main menu, select Scans > Recent Scans.

    • Next to the relevant scan, select Report
    • Scroll down to the Technical Report section.
    • From the list of detected vulnerabilities, select an issue and display its details.

    • Select Send To ServiceNow Incident Management

    • If you have previously submitted this vulnerability to ServiceNow Incident Management, it will already be accessible. You cannot submit the same issue twice.
  • If you view opened problem logs in ServiceNow Incident Management, they look like this.

How to Register a Netsparker Enterprise ServiceNow Incident Management Integration Webhook

  1. From the main menu, select Integrations > Manage Integrations
  2. Next to the relevant ServiceNow integration, select Edit

***Resolved Status is a ServiceNow incident status to match when webhook script added. They must be the same, see relevant step below.

  1. In the Webhook URL field, select Copy to clipboard ().
  2. From the main menu, select Notifications
  3. Next to the relevant Scan Completed event notifications, select Edit.
  4. Add the ServiceNow integration into the Integration Endpoints field.

  1. Open ServiceNow. In the Filter Navigation textbox search for 'business rules'.

  1. Under System Definition, select Business Rules

  1. Select New.

  1. Select Table then Incident [incident].
  2. Enable the Advanced checkbox.
  3. In the When to Run tab, from the When dropdown, select after.
  4. Enable the Update checkbox.
  5. Select the Advanced tab.
  6. Modify the script below and fill in the script condition as illustrated:

Condition: current.incident_state.changesTo(6)

6 = Resolved

7 = Closed

Note that the Resolved status in the ServiceNow integration must be matched with the script condition.

Script:

(function executeRule(current, previous /*null when async*/) {
    /*
     * Incident states
     * Resolved = 6
     * Closed = 7
     *
     * condition for sending incident
     * for resolved incidents use this
     * current.incident_state.changesTo(6)
     *
     * for closed incident use this:
     * current.incident_state.changesTo(7)
     */
   
    // change endpoint variable with your webhook url in servicenow integration
    // navigate to servicenow integration https://www.netsparkercloud.com/integrations/integrations/
    // paste your webhook url in the endpoint variable. It's a link similar to this: https://www.netsparkercloud.com/integrations/serviceNowWebhook?key=XXX&identifier=XXX

    var endpoint = ‘PASTE YOUR SERVICENOW WEBHOOK HERE’;
   
    gs.info("Incident close code = " + current.close_code);
    gs.info("Incident number = " + current.number + " and id = " + current.sys_id + " will be sent.");
    //add current incident number to endpoint query
    endpoint = endpoint + "&caseNumber=" + current.sys_id;
    try {
        var request = new sn_ws.RESTMessageV2();
        request.setHttpMethod('post');
        request.setEndpoint(endpoint);
        request.setRequestBody("{}");
        var response = request.executeAsync();
        response.waitForResponse(60);
        var httpResponseStatus = response.getStatusCode();
        gs.info("http response status_code: " + httpResponseStatus);

    } catch (ex) {
        var message = ex.getMessage();
        gs.info(message);
    }
})(current, previous);

  1. Save it
  2. In Netsparker Enterprise, start a scan, after the scan is completed.
  3. Navigate to ServiceNow Incident Management. If there are no incidents, check the filter in the incident page. It should be set to All.

  1. Update issue to a Resolved or Closed state which was chosen earlier.

  1. In Netsparker, from the main menu, select Scans > Waiting for retest. The Issues window is displayed, showing the issues waiting to be rescanned. The scanning process will begin soon, depending on the availability of the scanning agents.  

Issue status will be changed to Fixed(Unconfirmed).

At this step, make sure that the Scan Completed event is defined for ServiceNow; otherwise, it won’t update the incident.

  1. After the retest starts, if the issue is retested correctly and if the vulnerability exists, it will be reopened by the system. If the vulnerability is fixed, no action will be taken.

Note that in the issue's history, if you see a message, 'The issue could not be retested.', it won’t be reopened in ServiceNow Incident Management.

Netsparker

Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo