Integrating Invicti Enterprise with ServiceNow Incident Management
You can integrate ServiceNow (SNOW) Incident Management with Invicti Enterprise to manage issues.
Incident Management is an issue-tracking system that also helps organizations prioritize and share tasks across departments. So, you can pinpoint indicators of problems to prevent issues and predict future ones.
Supporting bi-directional integration
Invicti Enterprise supports bi-directional integration with SNOW Incident Management, so you can resolve and reopen issues according to the scan result. You can also create issues automatically. Invicti Enterprise uses user-provided resolved and reopened statuses in ServiceNow Incident Management for this purpose.
This topic explains how to integrate Invicti Enterprise with ServiceNow Incident Management.
For further information, see What Systems Does Invicti Integrate With?
ServiceNow Incident Management fields
This table lists and explains the ServiceNow fields on the New ServiceNow Incident Management Integration page.
Button/Section/Field | Description |
Name | This is the name of the configuration that will be shown elsewhere. |
URL | This is the ServiceNow Incident Management instance URL. |
Username | This is the name of the user. |
Password | This is the password that is used for the ServiceNow Incident Management account. |
Title Format | This is the string format that is used to create the vulnerability title. |
Template | This is the type of issue description template. There are two template types for issue templates: Standard and Detailed. The Detailed template has additional fields such as Request and Response. So, you can view them in the Activity field on ServiceNow. |
Integrating Invicti Enterprise with the Incident Management
There are two steps to this integration:
- Setting up the connection with the Incident Management
- Configuring project details for integration
Step 1. How to integrate Invicti Enterprise with the ServiceNow Incident Management
- Log in to Invicti Enterprise.
- From the main menu, select Integrations > New Integration.
- From the Issue Tracking Systems section, select ServiceNow Incident Management.
- In the Name field, enter a name for the integration.
- In the Mandatory section, complete the connection details:
  - URL (ServiceNow Server)
  - ServiceNow Username
  - ServiceNow Password
- Select Load ServiceNow Details.
If successful, Invicti displays your project details to continue configuring your integration. Otherwise, Invicti displays an error message.
Step 2. How to configure your SNOW Incident Management instance with Invicti Enterprise
The Incident Configuration fields vary based on your configuration of the SNOW Incident Management.
- From the Incident Configuration section, enter the Title Format.
- From the Template section, choose a template type. (Based on the template selection, you can view Response and Request information in the Activity field on ServiceNow.)
- Configure the rest of the fields according to your configuration.
- From the Field Mappings section, select + Add Mapping.
- Next to the Invicti Severity drop-down, select the Invicti Value drop-down.
- From the Select Field drop-down, select an option. When selected, a drop-down appears. Select an option.
The Field Mappings have priority over the Optional Fields. For example, if you configure the Priority in the Optional Fields and the Field Mappings, Invicti Enterprise will prioritize the configuration in the Field Mappings.
- Select Save.
If successful, Invicti Enterprise saves your integration.
Creating a sample issue to test integration
- From the main menu, select Integrations > Manage Integrations.
- From the Manage Integrations page, next to the relevant SNOW integration, select Edit.
- Select Create Sample Issue.
Invicti Enterprise exports a sample issue to SNOW Incident Management to test the integration. If successful, a ticket is opened in the Incident Management.
How to edit the Incident Management integration
- From the main menu, select Integrations > Manage Integrations.
- Next to the relevant SNOW Incident Management integration, select Edit.
- Make the necessary changes, and select Save.
How to delete the Incident Management integration
- From the main menu, select Integrations > Manage Integrations.
- Next to the relevant Incident Management integration, select Delete.
- From the Delete Integration pop-up, select Delete.
How to clone the Incident Management integration
You can clone your integration to create as many incident management integrations as you need. However, due to security precautions, passwords cannot be cloned.
- From the main menu, select Integrations > Manage Integrations.
- Next to the relevant Incident Management integration, select Clone.
- Make the necessary changes, and select Save.
Exporting issues to SNOW Incident Management
There are several ways to send issues to SNOW Incident Management with Invicti Enterprise:
How to export reported issues to projects in the Incident Management
- Once the integration has been configured, you can configure Invicti Enterprise to automatically send issues to SNOW Incident Management after scanning has been completed. For further information, see Managing Notifications.
- You can send one or more issues from the Issues page:
  - From the main menu, select Issues > All Issues.
  - On the Issues page, select one or more issues you want to send.
  - Select Send To > ServiceNow Incident Management.
A pop-up is displayed, with a link to the issue you have sent to the SNOW Incident Management. If there is an error, this information will be displayed instead.
- You can send an issue from the Recent Scans page:
  - From the main menu, select Scans > Recent Scans.
  - Next to the relevant scan, select Report.
  - Scroll down to the Technical Report section.
  - From the list of detected issues, select an issue and display its details.
  - Select Send To > ServiceNow Incident Management.
If you have previously submitted this vulnerability to SNOW Incident Management, it will already be accessible. You cannot submit the same issue twice.
Registering webhook for bi-directional integration
To enhance issue synchronization support, Invicti Enterprise also offers webhook support. This enables you to detect any status changes in ServiceNow Incident Management issues opened by Invicti Enterprise.
- Invicti Enterprise generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your ServiceNow Incident Management project and enter your preferred Resolved and Reopen statuses, you will complete Invicti Enterprise issue synchronization for your integration.
- When you change your ServiceNow Incident Management issue’s status to your preferred Resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Invicti Enterprise, and a retest scan is started. If you select the After retesting, change the status of fixed vulnerabilities to Closed checkbox, the issue will be closed.
- When you change your ServiceNow Incident Management issue’s status to your preferred Reopened status, your corresponding Invicti Enterprise issue is automatically marked as revived.
Prerequisite
There are 3 steps to configure the bi-directional integration between Invicti Enterprise and ServiceNow Incident Management.
- Configure notification for bi-directional integration
- Copy the webhook URL
- Configure the ServiceNow instance
Step 1. Configuring notification for bi-directional integration
- Log in to Invicti Enterprise.
- Select Notifications > Manage Notifications.
- Next to the Scan Completed event, select Edit.
- From the Integration Endpoints field, select ServiceNow Incident Management.
- Select Save.
Step 2. Copying the webhook URL
- From the main menu, select Integrations > Manage Integrations.
- Next to the relevant ServiceNow Incident Management Integration, select Edit.
- Scroll down to the Webhook Settings section.
- In the Webhook URL field, select Copy to clipboard.
Resolved Status is the ServiceNow Incident Management incident status that the webhook script's condition is matched against once the script has been added. The two must be the same.
Step 3. Configuring ServiceNow Incident Management for bi-directional integration
- Log in to ServiceNow.
- In the Filter Navigation textbox, search for ‘business rules’.
- Under System Definition, select Business Rules.
- From the Business Rules page, select New.
- Select Table, then Incident [incident].
- Select the Advanced checkbox.
- In the When to Run tab, from the When drop-down, select after.
- Enable the Update checkbox.
- Select the Advanced tab.
- Modify the following script and fill in the script condition as illustrated:
Condition: current.incident_state.changesTo(6)
6 = Resolved
7 = Closed
Note that the Resolved status in the ServiceNow Incident Management integration must match the script condition.
Script:
(function executeRule(current, previous /*null when async*/) {
    /*
     * Incident states
     *   Resolved = 6
     *   Closed = 7
     *
     * Condition for sending the incident:
     *   for resolved incidents use
     *     current.incident_state.changesTo(6)
     *
     *   for closed incidents use
     *     current.incident_state.changesTo(7)
     */
    // Set the endpoint variable to the Webhook URL from your ServiceNow integration.
    // Navigate to the ServiceNow integration: https://www.netsparkercloud.com/integrations/integrations/
    // Paste your Webhook URL into the endpoint variable. It is a link similar to this: https://www.netsparkercloud.com/integrations/serviceNowWebhook?key=XXX&identifier=XXX
    var endpoint = 'PASTE YOUR SERVICENOW WEBHOOK HERE';
    gs.info("Incident close code = " + current.close_code);
    gs.info("Incident number = " + current.number + " and id = " + current.sys_id + " will be sent.");
    // Append the current incident's sys_id to the endpoint query as caseNumber.
    endpoint = endpoint + "&caseNumber=" + current.sys_id;
    try {
        var request = new sn_ws.RESTMessageV2();
        request.setHttpMethod('post');
        request.setEndpoint(endpoint);
        request.setRequestBody("{}");
        // Send asynchronously, then wait up to 60 seconds for the response.
        var response = request.executeAsync();
        response.waitForResponse(60);
        var httpResponseStatus = response.getStatusCode();
        gs.info("http response status_code: " + httpResponseStatus);
    } catch (ex) {
        // Log the failure reason instead of interrupting the incident update.
        var message = ex.getMessage();
        gs.info(message);
    }
})(current, previous);
- Select Submit.
Following these steps, Invicti Enterprise exports issues identified to ServiceNow Incident Management.
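The business rule script appends caseNumber to the pasted Webhook URL by plain string concatenation, so a leftover placeholder or a URL that lost its query parameters only surfaces as a failed call. The following Node.js check is an added example, not Invicti or ServiceNow code, and is meant to be run offline before pasting the URL. The host, key, identifier and sys_id values are constructed, and masking key and identifier for log output is an assumption about which values are sensitive.

```javascript
// Added example for offline use with Node.js; not Invicti or ServiceNow code.
// Checks a pasted Webhook URL, builds the endpoint the business rule calls,
// and returns a copy with key/identifier masked for log output.
const PLACEHOLDER = 'PASTE YOUR SERVICENOW WEBHOOK HERE';

function checkWebhookUrl(pasted) {
  const raw = String(pasted).trim();
  if (raw === '' || raw === PLACEHOLDER) {
    return { ok: false, problems: ['placeholder was not replaced'] };
  }
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, problems: ['not a valid absolute URL'] };
  }
  const problems = [];
  if (url.protocol !== 'https:') problems.push('scheme is not https');
  for (const name of ['key', 'identifier']) {
    if (!url.searchParams.get(name)) problems.push('missing query parameter: ' + name);
  }
  if (url.searchParams.has('caseNumber')) problems.push('caseNumber is already present');
  return { ok: problems.length === 0, problems, url };
}

function buildEndpoint(pasted, sysId) {
  const result = checkWebhookUrl(pasted);
  if (!result.ok) throw new Error(result.problems.join('; '));
  // searchParams.set URL-encodes the value, unlike string concatenation.
  result.url.searchParams.set('caseNumber', sysId);
  return result.url.toString();
}

function redactForLog(endpoint) {
  const url = new URL(endpoint);
  // Assumption: key and identifier are the sensitive parts of the URL.
  for (const name of ['key', 'identifier']) {
    if (url.searchParams.has(name)) url.searchParams.set(name, 'REDACTED');
  }
  return url.toString();
}

// Constructed sample values: not a real host, key, identifier or sys_id.
const SAMPLE = 'https://invicti.example/integrations/serviceNowWebhook?key=k123&identifier=i456';
const SAMPLE_SYS_ID = '0123456789abcdef0123456789abcdef';
console.log(redactForLog(buildEndpoint(SAMPLE, SAMPLE_SYS_ID)));
```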
[Tutorial] Using bi-directional integration in Invicti Enterprise
The following tutorial walks you through steps to export issues identified by Invicti Enterprise to ServiceNow Incident Management.
How to use bi-directional integration in Invicti Enterprise
- Log in to Invicti Enterprise.
- From the main menu, select Scans > New Scan.
- Configure your scan. For further information, see Creating a new scan.
- From the Scan Settings, select Notifications to make sure that the Scan Completed event has an integration endpoint.
- Launch the scan and wait for the scan completion.
- Navigate to ServiceNow and go to the Incidents page.
No issues? Check the filter on the Incident page. It should be set to All.
- Update the issue to the Resolved or Closed state that was chosen earlier.
- Go to Invicti Enterprise.
- From the main menu, select Issues > Waiting for Retest to see your issue(s).
After the retest starts, if the issue is retested correctly and the vulnerability still exists, the system reopens it. If the vulnerability is fixed, no action will be taken.