Incident Management
Protect4S VM can be integrated with Incident Management solutions.
The technical connection to be used must be created upfront so that it can be selected later. This is done as follows:
In the Protect4S system, start transaction SM59 and create an RFC destination of type G as in the example shown below:
Enter the details relevant for your ServiceNow instance (hostname, port, user and password).
Select the SSL client PSE to use HTTPS for the connection. Make sure to trust the ServiceNow HTTPS endpoint by adding the relevant certificate to the Certificate List of the selected PSE (transaction STRUST).
Test the connection; the test should succeed:
To set up the integration, go to Integration, Incident Management:
Click 'New' to set up a new integration:
Use the settings as shown in the example below. Select the RFC destination created earlier as the Connection name:
Next, Scans can be added to the integration. Click the New button and add the scan of your choosing, as shown in the example below:
The next time the scan is run, incidents will be created for the failed checks, as shown in the example below.
Protect4S scan results:
ServiceNow incidents:
The ServiceNow (SNow) fields are mapped with the information from Protect4S VM as follows:
| ServiceNow field | Protect4S VM field | Description |
| --- | --- | --- |
| Caller | - | Name value of the integration user. |
| Impact | Impact | The impact of the finding. |
| Urgency | Likelihood | Likelihood of the found risk/exploit. |
| Priority | - | Calculated by ServiceNow based on 'Impact' and 'Urgency'. |
| Short description | Check name & ID | The name of the check plus its ID is shown here. |
| Description | Date, time, Run ID, Scan ID, System ID, SID & Check Message | Origin and details of the check. |
The value mappings for Urgency - Likelihood and Impact - Impact do not completely align between Protect4S VM and ServiceNow for the values 'Very high' and 'Very low'.
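The values are mapped as follows:

| Protect4S VM Likelihood | ServiceNow Urgency | Protect4S VM Impact | ServiceNow Impact |
| --- | --- | --- | --- |
| Very high | High | Very high | High |
| High | High | High | High |
| Medium | Medium | Medium | Medium |
| Low | Low | Low | Low |
| Very low | Low | Very low | Low |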
Incidents in ServiceNow are created based on configured Scans (see above). For each failed check of a run in a configured scan, either a new incident is created or the existing incident for the check is updated.
See the example below where the check results of additional runs are added to the ServiceNow ticket Description (separated by dash lines) in case of an update:
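The field mapping, value mapping and create-or-update behaviour described above, modelled as an added Python example (not Protect4S VM or ServiceNow code). The finding dictionary layout, the incident matching key, the separator width, the user name `P4S_INTEGRATION` and all sample values are assumptions constructed for illustration.

```python
SEPARATOR = "-" * 40  # assumed form of the dash line between runs
# Protect4S VM value -> ServiceNow value, from the mapping table above.
LEVEL_MAP = {"Very high": "High", "High": "High", "Medium": "Medium",
             "Low": "Low", "Very low": "Low"}
# Constructed sample findings: two runs of the same failed check.
_BASE = {"time": "02:00:00", "scan_id": "10", "system_id": "SYS1", "sid": "PRD",
         "check_id": "CHK-0001", "check_name": "Constructed sample check",
         "message": "Check failed", "impact": "Very high", "likelihood": "Very low"}
SAMPLE_RUNS = [dict(_BASE, date="2024-01-15", run_id="1"),
               dict(_BASE, date="2024-01-16", run_id="2")]


def build_incident(finding, caller):
    """Map one failed check (hypothetical dict layout) to the incident fields."""
    return {
        "caller": caller,  # name of the integration user
        "impact": LEVEL_MAP[finding["impact"]],
        "urgency": LEVEL_MAP[finding["likelihood"]],
        # No priority: ServiceNow calculates it from impact and urgency.
        "short_description": f"{finding['check_name']} ({finding['check_id']})",
        "description": (
            f"{finding['date']} {finding['time']} Run ID {finding['run_id']}, "
            f"Scan ID {finding['scan_id']}, System ID {finding['system_id']}, "
            f"SID {finding['sid']}: {finding['message']}"),
    }


def upsert_incident(store, finding, caller):
    """Create the incident for a check, or append the new run to the existing one."""
    key = (finding["system_id"], finding["check_id"])  # assumed matching key
    new = build_incident(finding, caller)
    if key in store:
        store[key]["description"] += f"\n{SEPARATOR}\n{new['description']}"
        return "updated"
    store[key] = new
    return "created"


def collapsed_levels():
    """Protect4S VM levels that lose granularity once mapped to ServiceNow."""
    return sorted(level for level, snow in LEVEL_MAP.items() if level != snow)


if __name__ == "__main__":
    incidents = {}
    for run in SAMPLE_RUNS:
        print(upsert_incident(incidents, run, "P4S_INTEGRATION"))
    print(incidents[("SYS1", "CHK-0001")]["description"])
    print("Collapsed:", collapsed_levels())
```

Because 'Very high' and 'High' both arrive in ServiceNow as 'High', the priority ServiceNow calculates cannot distinguish them; the original Protect4S VM value has to be looked up in the scan results.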