Integrating Invicti Enterprise with ServiceNow Incident Management

You can integrate ServiceNow (SNOW) Incident Management with Invicti Enterprise to streamline issue management. ServiceNow helps organizations track, prioritize, and share tasks across departments, enabling proactive issue detection and prevention.

Bi-Directional Integration

Invicti Enterprise supports bi-directional integration with SNOW, allowing issues to be automatically created, resolved, and reopened based on scan results. It uses user-defined Resolved and Reopened statuses in SNOW for this purpose. Our other Integrations can be viewed in the linked document.

This document explains how to integrate Invicti Enterprise with ServiceNow Incident Management.

This process involves four steps:

• Step 1: Set up the connection
• Step 2: Set up incident configuration in SNOW
• Step 3: Create a sample issue
• Step 4: Configure bi-directional webhooks (optional)

Step 1: Set up the connection

During this step, you will integrate Invicti Enterprise with ServiceNow Incident Management.

• Select Integrations > New Integration from the left-side menu.
• From the Issue Tracking Systems section, select ServiceNow Incident Management.

• Enter a name for the integration. This is the name of the configuration that will be displayed in other areas as well.
• Fill in the following required information:

• URL: ServiceNow Incident Management instance URL
• Username: Name of the user as in ServiceNow
• Password: The password used for the ServiceNow Incident Management account

• Select Load ServiceNow Details. If successful, your project details are displayed, allowing you to continue configuring your integration. Otherwise, an error message will appear.

Step 2: Set up incident configuration in SNOW

• In the Incident Configuration section, enter the Title Format. This is the string format that is used to create the vulnerability title.
• Select a Template: Standard or Detailed to see the specific information. This defines the issue description template type: Standard or Detailed. The Detailed template includes extra fields like Request and Response, visible in the ServiceNow Activity field.

• Configure the rest of the fields according to your configuration.
• From the Field Mappings section, select Add Mapping.
• Next to the Invicti Severity dropdown, select the Invicti Value dropdown.
• From the Select Field dropdown, select an option.

• Click Save.

Step 3: Create a sample issue

• Select Integrations > Manage Integrations from the left-side menu.
• From the Manage Integrations page, next to the relevant SNOW integration, select Edit.
• Click Create Sample Issue. Invicti Enterprise exports a sample issue to SNOW Incident Management to test the integration. If successful, the following ticket is opened in Incident Management:

Step 4: Register webhooks for bi-directional integration (optional)

Invicti Enterprise supports webhooks for real-time issue synchronization with SNOW Incident Management. After saving your integration, Invicti generates a Webhook URL—register this in SNOW and set your preferred Resolved and Reopen statuses.

• Resolved in SNOW → Fixed (Unconfirmed) in Invicti Enterprise, triggering a retest scan. If enabled, fixed issues are then closed.
• Reopen in SNOW → Revived in Invicti Enterprise automatically.

To configure the bi-directional integration between Invicti Enterprise and ServiceNow Incident Management follow these steps:

• Configure notification for bi-directional integration
• Copy the webhook URL
• Configure the SNOW instance

Configure notification for bi-directional integration

• In Invicti Enterprise, select Notifications > Manage Notifications from the left-side menu.
• Next to the Scan Completed event, select Edit.
• From the Integration Endpoints field, select ServiceNow Incident Management.
• Click Save.

Copy the webhook URL

• Select Integrations > Manage Integrations from the left-side menu.
• Next to the relevant ServiceNow Incident Management Integration, select Edit.
• Scroll down to the Webhook Settings section.
• In the Webhook URL field, click Copy to clipboard icon.

Configure the SNOW instance

• Search in the filter navigation textbox for “business rules”.

• Under System Definition, select Business Rules.
• From the Business Rules page, select New.
• Select Table, then Incident [incident].

• Enable the Advanced checkbox.
• In the When to Run tab, from the When dropdown, select after.
• Enable the Update checkbox.

• Select the Advanced tab.
• Modify the following script and fill in the script condition as illustrated:

Script for amendment:

• Click Submit.

Following these steps, Invicti Enterprise exports issues identified to ServiceNow Incident Management.

How to use bi-directional integration in Invicti Enterprise

The following tutorial walks you through steps to export issues identified by Invicti Enterprise to ServiceNow Incident Management.

• Select Scans > New Scan from the left-side menu.
• Create a new scan.
• In Scan Settings, go to Notifications and ensure the Scan Completed event has an integration endpoint.

• Launch the scan and wait for the scan completion.
• Navigate to ServiceNow and go to the Incidents page.

• Update the issue to a Resolved or Closed state which was chosen earlier.
• In Invicti Enterprise, go to Issues > Waiting for Retest from the left-side menu to view your issues.

After the retest begins, if the vulnerability still exists, the issue will be reopened automatically. If the vulnerability is fixed, no action will be taken.

Manage the Incident Management integration

How to edit it

• Select Integrations > Manage Integrations from the left-side menu.
• Next to the relevant SNOW Incident Management integration, select Edit.
• Make the necessary changes, and click Save.

How to delete it

• Select Integrations > Manage Integrations from the left-side menu.
• Next to the relevant Incident Management integration, select Delete.
• In the Delete Integration popup, select Delete.

How to clone it

• Select Integrations > Manage Integrations from the left-side menu.
• Next to the relevant Incident Management integration, select Clone.
• Make the necessary changes, and click Save.

Export issues to SNOW Incident Management

There are several ways to send issues to SNOW Incident Management with Invicti Enterprise:

• Automatic issue submission
• Send issues from the Issues page
• Send issues from the Recent scans page

Automatic issue submission

Once the integration is configured, Invicti Enterprise can automatically send issues to SNOW Incident Management after a scan is completed.  For more information, refer to Using bi-directional integration or Managing Notifications document.

Send issues from the Issues page

To send one or more issues from the Issues page follow these steps:

• Navigate to Issues > All Issues from the left-side menu.
• Select one or more issues to send.
• Click Send To > ServiceNow Incident Management.

Send issues from the Recent scans page

To send an issue from the Recent Scans page follow these steps:

• Select Scans > Recent Scans from the left-side menu.
• Next to the relevant scan, select Report and scroll to the Technical Report section.
• Select an issue from the list and view its details.
• Click Send To > ServiceNow Incident Management.

Prevent reopening issues in SNOW IM

When the option “Do not re-open issues marked as False Positive or Accepted Risk” is enabled and the vulnerabilities previously marked as False Positive or Accepted Risk are revived during scans, the system doesn’t reopen the issue in ServiceNow Incident Management. This option is disabled by default.

How to enable the option

• Select Integrations > Manage Integrations from the left-side menu.
• Click Edit next to your SNOW IM integration.
• Navigate to Webhook Settings.
• Under the Webhook URL, enable the Do not re-open issues marked as False Positive or Accepted Risk checkbox.

• Click Save to close the settings.