ServiceNow Plugin for Ticket Orchestrator

ServiceNow Plugin for Ticket Orchestrator

This document explains how to configure your ServiceNow integration with the Ticket Orchestrator module of the Netskope Cloud Exchange platform.


To complete this configuration, you need:

  • A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
  • A Netskope Cloud Exchange tenant with the Ticket Orchestrator module already configured.
  • A ServiceNow account.
  • Permissions needed for the plugin are itil or sn_incident_write, sn_incident_read, Personalize_read_dictionary, and sn_si.admin.
  • Connectivity to the following hosts: and
Performance Matrix
Stack SizeMedium
Number of Core8
Tickets Created Per Minute~60
  • Roles required when Incidents is configured in the Destination Table parameter:
    • itil or sn_incident_write, sn_incident_read
    • personalize_read_dictionary
  • Role required when Security Incidents is configured in the Destination Table parameter:
    • Sn_si.admin
API Details

The plugin uses the ServiceNow Table API to create tasks, get available fields, and get queues from ServiceNow.

Refer to the official documentation for more information on the Table API.!/reference/api/rome/rest/c_TableAPI

API detailsMethodEndpoint
Validate authenticationGET/api/now/table/incident
Get the list of ServiceNow groups as queues.GET/api/now/table/sys_user_group
Get the list of all the available fields.GET/api/now/table/sys_dictionary
Create a task in the security incident tablePOST/api/now/table/sn_si_incident
Create a task in the incident tablePOST/api/now/table/incident
Update task in incident tablePATCH/api/now/table/incident
Update task in security incident tablePATCH/api/now/table/sn_si_incident
Sync states of tasksGET/api/now/table/task


  1. Confirm your ServiceNow roles.
  2. Configure the ServiceNow plugin.
  3. Configure Ticket Orchestrator Business Rules for ServiceNow.
  4. Configure Ticket Orchestrator Queues for ServiceNow.
  5. Validate the ServiceNow Plugin.

Click play to watch a video.


Confirm ServiceNow Account Roles

You must have a ServiceNow instance with a valid username and password in order to use ServiceNow plugin. Your account should have following roles:

  • itil, sn_incident_write, or admin (For Incident)
  • sn_si.admin (For Security Incident)

When deciding which role to use for entitling the ServiceNow Ticket Orchestrator plugin, the sn_si.admin role is NOT mandatory. If you don’t have sn_si available, configure Ticket Orchestrator to use the default incidents table and not security incidents.

Assigning Roles to Users

  1. Log in to your ServiceNow instance.
  2. Go to System Security > Users and Groups > Users.
  3. Click New.
  4. Enter the required information, make note of the User ID, and then click on Submit.
  5. On the Users page, search for your user ID, and then click on your user, like shown below.
  6. Click Set Password.
  7. Click Generate. Copy the password, click Save Password, and then Close.
  8. Scroll down to Roles and click Edit.
  9. Add the itil, personalize_read_dictionary, and sn_si.admin roles. Click Save.
  10. Click Update.

Configure the ServiceNow Plugin

  1. In Cloud Exchange, go to Settings > Plugins.
  2. Search for and select the ServiceNow v1.1.0 (CTO) plugin box to open the plugin creation page (make sure your Ticket Orchestrator module is enabled. If not, go to Settings > General and enable the Ticket Orchestrator module).
  3. Enter a Configuration Name.
  4. Adjust the Sync Interval to appropriate value: Suggested time is 5+ minutes.
  5. Click Next.
  6. Enter your ServiceNow instance URL. It will be in the following format: https://<your-domain>
  7. Enter your username and password.
  8. Click Next.
  9. Select the configuration parameter from the following fields.
    • Destination Table: Name of the table where incidents will be created.
      • Security Incidents
      • Incidents
    • Use Default Mappings: Select ‘Yes’ for the No Queue option (No Queue uses default mappings for queue and does not require elevated access) on the Queue configuration page, otherwise select ‘No’.
      • Yes: below default mapping will be used for the No Queue option.
      • No: users can create custom mappings.
    FieldCustom Message
    Short description“Netskope $appCategory alert: $alertName”
    Description“Alert ID: $idn

    App: $appn

    Alert Name: $alertNamen”

    “Alert Type: $alertTypen

    App Category: $appCategoryn

    User: $user”

  10. Click Save.

Configure Ticket Orchestrator Business Rules for ServiceNow

  1. Go to Ticket Orchestrator and click Business Rules.
  2. Click Create new rule.
  3. Enter the appropriate Rule Name in the text box and build the appropriate filter query condition on field(s) for the business rule. You can also type the query manually by clicking Filter Query.
  4. Click Save.
  5. To test the newly created business rule, click on the refresh icon image11.png and enter the time period (in days). Click Fetch to see the number of alerts that are eligible for incident/ticket creation.

Configure Ticket Orchestrator Queues for ServiceNow

  1. Go to Ticket Orchestrator and click Queues.
  2. Click Add Queue Configuration.
  3. Select the previously created Business Rule from the dropdown.
  4. Select the plugin Configuration from the dropdown for which the queue is being configured.
  5. Select the Queues from the dropdown. This will list the groups available on the configured ServiceNow instance. The issues/tickets will be assigned to the selected group.
  6. Add/Map appropriate values between alerts and incidents under the Map Field section. Alert’s attributes can be accessed via “$” in the custom message field. Click on the Add button to add more field mappings.
  7. Click Save.
  8. Based on the business rule(s), ServiceNow issues/tickets for incoming alerts will be created automatically. To create ServiceNow issues/tickets for historical alerts, click the refresh image11.png icon for the configured queue, enter the time period (in days), and then click Fetch. This shows the number of alerts which are eligible for issues/ticktes creation. Click Sync to create ServiceNow issues/tickets for those alerts.

Validate the ServiceNow Plugin

In order to validate the workflow, you must have Netskope Alerts.

  1. Go to Ticket Orchestrator and click Alerts.
  2. To view the list of tickets created on ServiceNow, go to Tickets.
  3. To validate in ServiceNow, click on the External Link of any ticket to directly go to the newly created ServiceNow issue/incident.
  4. If issues/tickets are not being created on ServiceNow, you can look at the audit logs in Cloud Exchange. In Cloud Exchange, click Logging and look through the logs for errors.
Share this Doc

ServiceNow Plugin for Ticket Orchestrator

Or copy link

In this topic ...