ServiceNow

Critical to resolving a vulnerability is the handoff to one's engineering team. You can use the ServiceNow integration for IT Incident Response management to easily create issues and initiate remediation processes. This article covers the following sections.

Must be Authenticated: To push/view an issue in ServiceNow, you’ll need to be authenticated since Bugcrowd will not be collecting any authentication permissions.

Configuring ServiceNow Integration

The ServiceNow integration is set up in the program’s settings and is specified to create incidents in the customer’s ServiceNow instance. There are no limitations to the number of projects that can be set up with the ServiceNow integration.

To set up the ServiceNow integration, follow these steps:

  1. Navigate to your program Settings and select the Integrations tab.

    integrations-tab

  2. Select the Add integration button for ServiceNow.

    configure

  3. On the ServiceNow integrations page, click the Add ServiceNow Integration button to setup your first ServiceNow project.

    add-integration

    A page will be displayed where you can enter your instance details to enable creating issues in ServiceNow.

  4. On this page add the Instance Name, URL building fields, and set the Integration status.

    After configuring all details, click Save Integration to save the changes.

    configurations

Pushing Submissions to ServiceNow

Once you have the integration setup and enabled, you can push submissions to ServiceNow.

To push a submission to ServiceNow, follow these steps:

  1. Go to any submission, and click the Push to ServiceNow link.

    push-to-service-now

    A modal displaying the Create the incident link is displayed.

  2. Click Create the incident to open the corresponding issue in ServiceNow.

    create-incident

    The Submission contents are filled within the Incident form, enabling you to further edit it before submitting.

    open-issue

  3. Once the incident is saved, copy the ID number from the incident page and go back to Crowdcontrol where we will save it.

    save-map-id

  4. Fill in the ID number within the modal form in Crowdcontrol and save it.

    external-link-id

    This makes it easy to access the ServiceNow Incident within Crowdcontrol for further updates.

    accessing-incident

Enabling Two Way Integration

If you enable two way integration while configuring ServiceNow and push a submission, the status of the submission in Crowdcontrol will be automatically marked as resolved/closed when the ServiceNow incident to which it is associated is resolved/closed.

To enable two way integration, follow these steps:

  1. Go to Settings > Integrations, and then click Configure.

    configure-two-way

  2. Click on the integration name.

    integration-name

  3. Scroll down to the Two way integration section and copy the Webhook URL.

    webhook-url

  4. Go to the REST Message in ServiceNow and click New to create a new REST Message record.

  5. Add all details like Name, Description, paste the Webhook URL in the Endpoint field and then click Submit.

    paste-webhook-url

  6. Click on the REST Message record that you recently created, go to the HTTP Methods section and click the Default GET link.

    default-get

  7. Update the Name, and go to the HTTP Headers section. Add the header names and their values.

    header-names

    Go to the HTTP Query Parameters, Content section, define the query parameters and click Update.

    You can add the following content:

    {“event”:”update”,”incident_number”:”$(incident_number)”,”incident_state”:”$(incident_state)”}

  8. Check the Authentication type is set to Inherit from parent and the HTTP method is set to POST.

    inherit-from-parent

  9. Go to the Business Rule page and add the Name, select Incident in the Table drop-down.

    Check the Advanced checkbox and then go to the When to run tab.

    In the When drop-down select async and check the Update checkbox.

    async

    Go to the Advanced tab and define the business rule condition, script, and then click Submit.

    business-rule

    For the following condition, you can use the mentioned business rule script:

    current.incident_state == IncidentState.RESOLVED || current.incident_state == IncidentState.CLOSED

     (function executeRule(current, previous /*null when async*/) {
         try {
             var r = new sn_ws.RESTMessageV2('bugcrowd', 'bugcrowd');
             r.setStringParameterNoEscape('incident_number', current.number);
             r.setStringParameterNoEscape('incident_state', 'resolved');
             r.setStringParameterNoEscape('event', 'resolved');
             var response = r.execute();
         } catch (ex) {
             var message = ex.message;
         }
     })(current, previous);
    

Unlinking a ServiceNow Issue

You can unlink a saved ServiceNow issue from the Submissions page.

To unlink a ServiceNow issue, follow these steps:

  1. Click on the red bin icon adjacent to Update incident Id in the Integrations section.

    unlinking-servicenow-issue

    The unlink confirmation prompt is displayed.

  2. Click Unlink to confirm unlinking of the ServiceNow issue.

    confirm-unlink-servicenow

    A successful unlinking message is displayed.


Onboarding
Account Management
Security Program Management
Engagement Management
Reporting
Submission Management
Integration Management