ServiceNow Integration
Create ServiceNow incidents automatically when critical CVEs hit your environment.
Prerequisites
- ServiceNow instance URL (e.g.
yourorg.service-now.com) - ServiceNow user credentials with rights to create incidents
- The table to write to (default:
incident)
Configure in BreachSpider
- Navigate to Integrations > Ticketing
- Click Add Rule
- Select destination type: ServiceNow
- Fill in:
- Instance URL (without https://)
- Username
- Password
- Table (default:
incident) - Click Test Connection - creates a test incident
- Click Save Rule
Via API
rule = {
"name": "Plant Floor ServiceNow",
"environment_id": 3,
"trigger_event": "kev.new",
"severity_floor": 7.0,
"destination_type": "servicenow",
"servicenow_instance": "yourorg.service-now.com",
"servicenow_user": "breachspider_integration",
"servicenow_password": "your-password",
"servicenow_table": "incident"
}
response = requests.post(
"https://breachspider.com/api/v1/integrations/ticket-rules",
headers=headers,
json=rule
)
Incident Fields
| ServiceNow Field | BreachSpider Value |
|---|---|
| short_description | [BreachSpider] CVE-ID - Title (CVSS score) |
| description | Full CVE detail, SAGE analysis, affected assets |
| urgency | 1 (Critical/High), 2 (Medium), 3 (Low) |
| impact | 1 for KEV flagged, 2 otherwise |
| category | Security |
| subcategory | Vulnerability |
| caller_id | BreachSpider Integration |