Incident Management
Protect4S VM can be integrated with Incident Management solutions.
The technical connection to be used must be created upfront so that it can be selected later. This is done as follows:
In the Protect4S system, start transaction SM59 and create an RFC destination of type G as in the example shown below:
Enter the details relevant for your ServiceNow instance (hostname, port, user and password).
Select the SSL client PSE to use HTTPS for the connection. Make sure to trust the ServiceNow HTTPS endpoint by adding the relevant certificate to the Certificate List of the selected PSE (transaction STRUST).
Test the connection. The test should be successful:
To set up the integration, go to Integration, Incident Management:
Click 'New' to set up a new integration:
Use the settings as shown in the example below. Select the RFC destination created earlier as Connection name:
Next, Scans can be added to the integration. Click the New button and add the scan of your choosing, as shown in the example below:
The next time the scan is run, incidents will be created for the failed checks, as shown in the example below.
Protect4S scan results:
ServiceNow incidents:
The ServiceNow (SNow) fields are mapped with the information from Protect4S VM as follows:
ServiceNow field | Protect4S field | Explanation |
---|---|---|
Caller | - | Name value of the integration user. |
Impact | Impact | The impact of the finding. |
Urgency | Likelihood | The likelihood of the found risk/exploit. |
Priority | - | Calculated by ServiceNow based on 'Impact' and 'Urgency'. |
Short description | Check name & ID | The name of the check plus its ID is shown here. |
Description | Date, time Run ID, Scan ID, System ID, SID & Check Message | Origin and details of the check. |
The value mappings for Urgency - Likelihood and Impact - Impact do not completely align between Protect4S VM and ServiceNow for the values 'Very high' and 'Very low'.
The values are mapped as follows:
P4S Impact | SNow Impact | P4S Likelihood | SNow Urgency |
---|---|---|---|
Very high | High | Very high | High |
High | High | High | High |
Medium | Medium | Medium | Medium |
Low | Low | Low | Low |
Very low | Low | Very low | Low |
Incidents in ServiceNow are created based on configured Scans (see above). For each failed check of a run in a configured scan, either a new incident is created or the existing incident for the check is updated.
See the example below where the check results of additional runs are added to the ServiceNow ticket Description (separated by dash lines) in case of an update:
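The value mapping and the create-or-update behaviour described above, modelled in Python as an added example (this is not Protect4S VM or ServiceNow code). The incident matching key, the separator width, the sample findings and the use of ServiceNow's default priority lookup are assumptions of this sketch.

```python
# Added illustration; not Protect4S VM or ServiceNow code.
from itertools import product

# Value mapping from the table above (Protect4S level -> ServiceNow level).
P4S_TO_SNOW = {"Very high": "High", "High": "High", "Medium": "Medium",
               "Low": "Low", "Very low": "Low"}
SNOW_CODE = {"High": 1, "Medium": 2, "Low": 3}  # ServiceNow choice values
# Assumption: default ServiceNow priority lookup; an instance may customise it.
PRIORITY = {(1, 1): 1, (1, 2): 2, (1, 3): 3, (2, 1): 2, (2, 2): 3,
            (2, 3): 4, (3, 1): 3, (3, 2): 4, (3, 3): 5}
SEPARATOR = "-" * 40  # stand-in for the dash line between runs
# Constructed sample: the same failed check reported by two runs.
RUNS = [dict(run_id=r, scan_id="S1", system_id="SYS1", check_id="C001",
             check_name="Example check", impact="Very high", likelihood="High",
             message="check failed") for r in ("R1", "R2")]


def to_snow(impact, likelihood):
    """Return (impact, urgency, priority) codes for a Protect4S finding."""
    i = SNOW_CODE[P4S_TO_SNOW[impact]]
    u = SNOW_CODE[P4S_TO_SNOW[likelihood]]
    return i, u, PRIORITY[i, u]


def p4s_pairs_for_priority(priority):
    """All Protect4S (impact, likelihood) pairs that end up at one priority."""
    return [(i, l) for i, l in product(P4S_TO_SNOW, repeat=2)
            if to_snow(i, l)[2] == priority]


def sync(findings, incidents):
    """Create an incident per failed check, or append a run to the existing one.

    Assumption: incidents are matched on (scan_id, system_id, check_id); the
    page only says "the existing incident for the check".
    """
    for f in findings:
        details = (f"Run ID {f['run_id']}, Scan ID {f['scan_id']}, "
                   f"System ID {f['system_id']}: {f['message']}")
        key = (f["scan_id"], f["system_id"], f["check_id"])
        if key in incidents:  # update: earlier runs stay in the description
            incidents[key]["description"] += f"\n{SEPARATOR}\n{details}"
        else:                 # create: severity fields are set once here
            impact, urgency, priority = to_snow(f["impact"], f["likelihood"])
            incidents[key] = {
                "short_description": f"{f['check_name']} ({f['check_id']})",
                "impact": impact, "urgency": urgency, "priority": priority,
                "description": details}
    return incidents
```

Four Protect4S combinations (Very high or High impact with Very high or High likelihood) land on the same ServiceNow priority, so triage that needs to separate 'Very high' from 'High' findings has to consult the Protect4S scan results rather than the incident priority.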