9/2022 - rev 1
The Oort security platform can integrate with ServiceNOW to open tickets in response to failed Checks for various security configuration and identity threat events.
This document will walk you through the process of setting up access to ServiceNOW and will also walk you through the setup inside of the Oort console.
To add the necessary configuration in ServiceNOW, you need to have admin access to the following:
From the ServiceNOW admin console, select User Administration.
Create a new account for the Oort integration. Set the password according to your organization’s service account password policy and store it securely.
Check the Web service access only option.
Give it the incident_manager role.
Within the Oort console, navigate to -
Integrations -> New Integration -> ServiceNOW
Enter the following information:
Enter a name and description. Enter your ServiceNOW instance URL. It may be a custom URL if you have that configured. Enter the username and password of the account that you created.
To test the integration, navigate to a user that is failing a particular check, such as Inactive Users. Go to the Checks tab for that user.
Click the three dot option menu for a failing check and select Open Ticket. The ticket will appear in the lower section.
After testing successfully, click the Collect Now button to begin initial data collection immediately.