ServiceNow Integration via Webhooks

ServiceNow Integration via Webhooks

Integrating Cloudnosys with ServiceNow

ServiceNow is a versatile online platform that assists clients with changing their advanced work processes. One of the manners in which it very well may be utilized is to help IT departments with risk management.

In this tutorial, we’re demonstrating how to make a webhook receiver (as a Scripted REST API) within ServiceNow, and how to set up Webhooks in your Cloudnosys account to automatically send notifications/alerts to ServiceNow when there is a risk in your infrastructure.

  • Requirements
  • Creating a Scripted REST API in ServiceNow
  • Sending Cloudnosys Notifications to ServiceNow via Webhooks

Requirements

  • Cloudnosys account
    • Webhooks integration enabled (Navigate to the Integration under Settings on the left-hand side menu)
  • ServiceNow account

Creating a Scripted REST API in ServiceNow

First, log in to your ServiceNow account. On the left-hand side search box, type “Scripted REST”. Click on Scripted REST APIs under System Web Services -> Scripted Web Services:

Click on New to create a new API service:

Give your API a name, and an API ID (we’ll use “Cloudnosys Webhooks” for our example). You can leave Protection Policy as “– None –“. Click on Submit:

You’ll be taken back to the list of Scripted Web Services. Search for the API we just created and click on it:

Scroll down to the Resources tab and click on New:

Give your resource a name (we’ll use “event”) and change the HTTP method to POST:

Scroll down to the Script section and add the following snippet:

					

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var apiKey = request.body.token;
    var secret = "<secret>"; // User generated random String
    if (apiKey == secret) {
        var event = request.body.data;
        var inc = new GlideRecord('incident');
        inc.initialize();
        inc.short_description = event.description + " and Remediation Steps " + event.remediationSteps;
        inc.description = "Cloudnosys risk alert from Cloud Account " + event.cloudAccountName + " and Organization " + event.orgName;
        inc.severity = event.risk;
        inc.state = event.status;
        inc.service = event.service;
        inc.task_type = event.type;
        inc.insert();
    } else {
        gs.warn("Invalid API Key for Cloudnosys Webhook");
    }
    // Cloudnosys expects a 200 status code response back
    response.setStatus(200);
})(request, response);

Important: there are three variables in the script that you need to update:

  • <secret> – required – a random string, such as a UID. Save this value as we’ll use it later when setting up the Cloudnosys webhook.
  • <group> – required – the group that you want to assign the incident to.
  • <email> – optional – the specific person to assign the incident to.

In the Security tab, uncheck the Requires authentication checkbox (we will use the “secret” GUID variable to protect access to the API). Click on Submit:

Back on our Scripted API page, look for the Base API Path field for our newly created API:

Our API endpoint will be something like this:

https://<yourInstanceName>.service-now.com/<baseApiPath>?

Sending Cloudnosys Notifications to ServiceNow via Webhooks

Log in to your Cloudnosys account, navigate to the Integration under Settings on the left-hand side menu, and click on Authorize:

In the Webhook URL field, paste your API endpoint that you got from the previous section. It should look similar to this:

https://<yourInstanceName>.service-now.com/<baseApiPath>

And in Authentication Token, enter your secret key that you previously created and click on Save.

Leverage the Power of CloudEye Security

Cloudnosys platform delivers security, compliance, and DevOps automation. Continually scan your entire AWS services for security and compliance violations for Network Security, IAM Policies, VPC, S3, Cloudtrail etc. Provides DevOps automation and policy driven guided remediation for Azure and AWS. Meet PCI, HIPAA, NIST, ISO27001, SOC2, FISMA, AWS CIS Benchmark compliance quickly.

+1 (404) 692-5787

205 Market Place, Suite 200,Atlanta,
GA 30075, USA

[email protected]