Netskope Help

ServiceNow Plugin for Ticket Orchestrator

This document explains how to configure your ServiceNow integration with the Ticket Orchestrator module of the Netskope Cloud Exchange platform.

Requirements

To complete this configuration, you need:

  • A Netskope Tenant (or multiple, for example, production and development/test instances)

  • A Netskope Cloud Exchange tenant with the Ticket Orchestrator module already configured.

  • A ServiceNow account.

Workflow
  1. Confirm your ServiceNow roles.

  2. Configure the ServiceNow plugin.

  3. Configure Ticket Orchestrator Business Rules for ServiceNow.

  4. Configure Ticket Orchestrator Queues for ServiceNow.

  5. Validate the ServiceNow Plugin.

Click play to watch a video.

 

You must have a ServiceNow instance with a valid username and password in order to use ServiceNow plugin. Your account should have following roles:

  • itil, sn_incident_write, or admin (For Incident)

  • sn_si.admin (For Security Incident)

When deciding which role to use for entitling the ServiceNow TIcket Orchestrator plugin, the sn_si.admin role is NOT mandatory. If you don't have sn_si available, configure TIcket Orchestrator to use the default incidents table and not security incidents.

  1. Go to Settings and click Plugins

  2. Select the ServiceNow plugin box to open the plugin creation page (make sure your Ticket Orchestrator module is enabled. If not, go to Settings > General and enable the Ticket Orchestrator module).

  3. Enter a Configuration Name.

  4. Adjust the Sync Interval to appropriate value: Suggested time is 5+ minutes.

    image1.png
  5. Click Next.

    image2.png
  6. Enter your ServiceNow instance URL. It will be in the following format: https://<your-domain>.service-now.com.

  7. Enter your username and password.

  8. Click Next.

  9. Select the Destination Table from the dropdown.

    image3.png
  10. Click Save.

    image4.png
  1. Go to Ticket Orchestrator and click Business Rules.

    image5.png
  2. Click Create new rule.

  3. Enter the appropriate Rule Name in the text box and build the appropriate filter query condition on field(s) for the business rule. You can also type the query manually by clicking Filter Query.

    image6.png
  4. Click Save.

    image7.png
  5. To create Mute Rule(s) and/or Deduplication Rule(s) for this business rule, click on the Business Rule you created.

    image8.png
  6. Click on the round “+” icon to create a new Mute Rule/Deduplication Rule.

    image9.png
  7. Enter Rule Name and build the appropriate condition.

  8. Click Save.

  9. Similarly, Deduplication Rule(s) can be created.

    image10.png
  10. To test the newly created business rule, click the refresh image11.png icon and enter a time period (in days) and click Fetch. This shows the number of alerts that are eligible for incident/ticket creation.

    image12.png
  1. Go to Ticket Orchestrator and click Queues.

    image13.png
  2. Click Add Queue Configuration.

    image14.png
  3. Select previously created Business Rule from the drop down.

  4. Select the plugin Configuration from the dropdown for which the queue is being configured.

  5. Select the Queues from the dropdown. Which will list the groups available on the configured ServiceNow instance. The issues/tickets will be assigned to the selected group.

  6. Add/Map appropriate values between alerts and incidents under the Map Field section. Alert’s attributes can be accessed via “$” in the custom message field. Click on the Add button to add more field mappings.

  7. Click Save.

    image15.png
  8. Based on the business rule(s), ServiceNow issues/tickets for incoming alerts will be created automatically. To create ServiceNow issues/tickets for historical alerts, click the refresh image11.png icon for the configured queue, enter the time period (in days), and then click Fetch. This shows the number of alerts which are eligible for issues/ticktes creation. Click Sync to create ServiceNow issues/tickets for those alerts.

    image16.png

In order to validate the workflow, you must have Netskope Alerts.

  1. Go to Ticket Orchestrator and click Alerts.

    image17.png
  2. To view the list of tickets created on ServiceNow, go to Tickets.

    image18.png
  3. Click on the External Link of any ticket to directly go to the newly created ServiceNow issue/incident.

    image19.png
  4. If issues/tickets are not being created on ServiceNow, you can look at the audit logs in Cloud Exchange. In Cloud Exchange, click Logging and look through the logs for errors.