ServiceNow

Critical to resolving a vulnerability is the handoff to one’s engineering team. You can use the ServiceNow integration for IT Incident Response and Security Incident Response management to easily create issues and initiate remediation processes.

Must be Authenticated: To push/view an issue in ServiceNow, you’ll need to be authenticated since Bugcrowd will not be collecting any authentication permissions.

Configuring ServiceNow Integration

The ServiceNow integration is set up in the program’s settings and is specified to create incidents in the customer’s ServiceNow instance. There are no limitations to the number of projects that can be set up with the ServiceNow integration.

To set up the ServiceNow integration, follow these steps:

  1. Navigate to your program Settings and select the Integrations tab.

    integrations-tab

  2. Select the Add integration button for ServiceNow.

    configure

  3. On the ServiceNow integrations page, click the Add ServiceNow Integration button to setup your first ServiceNow project.

    add-integration

    A page will be displayed where you can enter your instance details to enable creating issues in ServiceNow.

  4. On this page add the Instance Name, URL building fields, and set the Integration status.

    • Integration Name: Provide a name for this ServiceNow integration
    • Instance: Specify your ServiceNow instance name
    • Integration Type: Select from the drop down menu, what type of ServiceNow Incident Response Management instance you have

      • IT Incident Response
      • Security Incident Response
    • Custom field names (optional): By default, the Description field in Bugcrowd Submission will map to the Description field in the ServiceNow Incident. If you would like to map the Description field to some other custom field in the Incident, then please specify the name of the custom field here. The information from the submission Description field will be sent to the Incident custom field specified here.
    • Integration status: Select Enabled to activate the integration
    • Two way integration: Select Enabled if you want to enable two way integration. Please refer to the section Enabling Two way Integration

    configurations-new

    After configuring all details, click Save Integration to save the changes.

    Note: Be sure to specify the correct ServiceNow Incident Management type depending on your ServiceNow instance. When specifying the custom field name, add “u_” to the front of the custom field name. For example, if you see the name of the custom field as “new_custom_field” in ServiceNow incident page, then specify the name as “u_new_custom_field”.

Pushing Submissions to ServiceNow

Once you have the integration setup and enabled, you can push submissions to ServiceNow.

To push a submission to ServiceNow, follow these steps:

  1. Go to any submission, and click the Push to ServiceNow link. Depending on the Integration type, you will see either Push to ServiceNow (IT incident) or Push to ServiceNow (Security incident).

    push-to-service-now

    A modal displaying the Create the incident link is displayed.

  2. Click Create the IT Incident or Create the Security Incident, to open the corresponding issue in ServiceNow.

    create-incident

    The submission content is populated in the Incident form enabling you to further edit it before submitting.

    open-issue

  3. Once the Incident is saved, copy the ID Number from the incident page and go back to Crowdcontrol to save it.

    save-map-id

  4. In the External Link ID field in the modal form, fill in the ID Number and click Save.

    external-link-id

    A link to the ServiceNow incident is created in the submission. This makes it easy to access the ServiceNow Incident within Crowdcontrol for further updates.

    accessing-incident

Enabling Two Way Integration

If you enable two way integration while configuring ServiceNow and push a submission, the status of the submission in Crowdcontrol will be automatically marked as resolved/closed when the ServiceNow incident to which it is associated is resolved/closed.

To enable two way integration, follow these steps:

  1. Go to Settings > Integrations, and then click Configure.

    configure-two-way

  2. Click on the integration name.

    integration-name

  3. Scroll down to the Two way integration section and copy the Webhook URL.

    webhook-url

  4. Go to the REST Message in ServiceNow and click New to create a new REST Message record.

  5. Add all details like Name, Description, paste the Webhook URL in the Endpoint field and then click Submit.

    paste-webhook-url

  6. Click on the REST Message record that you recently created, go to the HTTP Methods section and click the Default GET link.

    default-get

  7. Update the Name, and go to the HTTP Headers section. Add the header names and their values.

    header-names

    Go to the HTTP Query Parameters, Content section, define the query parameters and click Update.

    You can add the following content:

    {“event”:”update”,”incident_number”:”$(incident_number)”,”incident_state”:”$(incident_state)”}

  8. Check the Authentication type is set to Inherit from parent and the HTTP method is set to POST.

    inherit-from-parent

  9. Go to the Business Rule page and add the Name, select Incident in the Table drop-down.

    Check the Advanced checkbox and then go to the When to run tab.

    In the When drop-down select async and check the Update checkbox.

    async

    Go to the Advanced tab and define the business rule condition, script, and then click Submit.

    business-rule

    For the following condition, you can use the mentioned business rule script:

    current.incident_state == IncidentState.RESOLVED || current.incident_state == IncidentState.CLOSED

     (function executeRule(current, previous /*null when async*/) {
         try {
             var r = new sn_ws.RESTMessageV2('bugcrowd', 'bugcrowd');
             r.setStringParameterNoEscape('incident_number', current.number);
             r.setStringParameterNoEscape('incident_state', 'resolved');
             r.setStringParameterNoEscape('event', 'resolved');
             var response = r.execute();
         } catch (ex) {
             var message = ex.message;
         }
     })(current, previous);
    

Unlinking a ServiceNow Issue

You can unlink a saved ServiceNow issue from the Submissions page.

To unlink a ServiceNow issue, follow these steps:

  1. Click on the red bin icon adjacent to Update incident Id in the Integrations section.

    unlinking-servicenow-issue

    The unlink confirmation prompt is displayed.

  2. Click Unlink to confirm unlinking of the ServiceNow issue.

    confirm-unlink-servicenow

    A successful unlinking message is displayed.