Skip to main content

ServiceNow

Visualize ServiceNow resources and monitor them through queries and alerts.

Installation

ServiceNow Setup Requirements

Before configuring this integration in JupiterOne, you need to create a dedicated service account with appropriate permissions in ServiceNow:

Required in ServiceNow:

  • A dedicated user account (e.g., JupiterOne)
  • A custom role with read-only access (e.g., jupiterone_reader)
  • Access Control Lists (ACLs) configured for the required tables
  • Your ServiceNow instance hostname (e.g., yourcompany.service-now.com)

Authentication: This integration uses HTTP Basic authentication with username and password.

Required Table Access: The service account must have read access to these tables:

  • sys_user - for user data
  • sys_user_group - for group data
  • sys_user_grmember - for group membership data
  • incident - for incident data
  • sys_db_object - for database object information
  • CMDB tables (if ingesting CMDB data) - requires the cmdb_reader role

Optional Permissions: If you want JupiterOne to create ServiceNow incidents from alert rules, create an additional jupiterone_incident_creator role with write access to the incident table.

Detailed setup instructions are provided in the Configuration in ServiceNow section below.

In order to allow JupiterOne to fetch data from your ServiceNow account, we recommend creating a new ServiceNow role with read-only access to your account and assigning that read-only role to a dedicated ServiceNow user.

Configuration in ServiceNow

  1. Follow the ServiceNow documentation to create a new ServiceNow role called jupiterone_reader.

  2. Create a new access control rule (ACL) to allow access to the jupiterone_reader role with Type: Record, Operation: Read, and Role: jupiterone_reader. This should be enabled for the following tables (Name field):

    • sys_user
    • sys_user_group
    • sys_user_grmember
    • incident
    • sys_db_object

  3. Create a new ServiceNow User called JupiterOne. Make a note of the new username/password; you'll need it when configuring your integration in JupiterOne.

  4. Open the JupiterOne user and assign the jupiterone_reader role to your newly created user. Note: if ingesting any part of the cmdb, also add the cmdb_reader role. See this link for more information.

  5. (OPTIONAL) For JupiterOne users who wish to create ServiceNow incidents based on JupiterOne alert rules, we suggest creating a jupiterone_incident_creator role. Repeat steps 1, 2, and 4 above with the following parameters:

    1. ServiceNow Role: name: jupiterone_incident_creator

    2. Access Control Rule (ACL) : Type: Record , Operation: Create , Name(table): incident, Name(fields): * , Role: jupiterone_incident_creator

    4. Role Assignment: Assign jupiterone_incident_creator role to JupiterOne user

Configuration in JupiterOne

To install the ServiceNow integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select ServiceNow. Click New Instance to begin configuring your integration.

Creating an instance requires the following:

  • The Account Name used to identify the ServiceNow account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your ServiceNow Hostname (e.g., j1.service-now.com), Username, and Password.

  • Your ServiceNow CMDB Classes to ingest, a comma separated value of classes.

Click Create once all values are provided to finalize the integration.

Advanced Options

Additional configuration can be set to customize the ingested data:

  • User Configuration: Custom Fields allows for custom fields to be added to the user entity.
  • User Configuration: Excluded User Classes allows for some users to be excluded based on their sysClassName.
  • Host Configuration: Host Classes allows for specific sysClassNames to be mapped to the JupiterOne Device data model.
note

Excluded User Classes configuration option:

This J1QL Query can be executed to determine which system class names (sysClassName) of users exist within ServiceNow, after a successful job run without any User Class Exclusions:

FIND service_now_user RETURN count(service_now_user), service_now_user.sysClassName

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.