Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

ServiceNow CMDB Integration

The InsightCloudSec ServiceNow Configuration Management Database (CMDB) integration provides end-to-end integration for managing cloud asset inventory and cloud configurations, synchronizing InsightCloudSec resources with Configuration Items (CIs) in the CMDB using a ServiceNow Application. This integration allows dynamic creation, management, and deletion of CIs based on the status of cloud resources in InsightCloudSec, facilitating quick assessment and response to configuration and resource changes in your cloud environments. If you have any questions or trouble setting up or using the integration, contact support.

Prerequisites

InsightCloudSec:
- Domain administrator permissions
ServiceNow:
- System administrator permissions
- Version Utah, Vancouver, or Washington
- Global system properties:
  - glide.http.outbound.max_timeout.enabled = false
  - glide.outbound_http_log.override.level = all
  - glide.outbound_http.content.max_limit = 10000
  - glide.outbound_http_log.override = true
- Plugins installed:
  - CMDB CI Class Models (sn_cmdb_ci_class) - 1.53.0
  - Discovery and Service Mapping Patterns (sn_itom_pattern) - 1.10.1
  - Cloud Provisioning and Governance Core (com.snc.cloud.core)

CMDB data ingest dependent upon plugins

If the Discovery and Service Mapping Patterns and Cloud Provisioning and Governance Core plugins are installed, the InsightCloudSec resources data will be ingested in the respective CMDB tables. Otherwise, data will be ingested into the cmdb_ci_cmp_resources table for dependent classes.

Installation and Setup

Step 1: Install the InsightCloudSec CMDB Integration in ServiceNow

Before ServiceNow can begin ingesting InsightCloudSec resources into your CMDB, you first need to download and install the Rapid7 InsightCloudSec CMDB Integration.

To download and install the InsightCloudSec CMDB Integration:

Login to ServiceNow.
Open the ServiceNow store.
Using the search field, type InsightCloudSec.
Click the Rapid7 InsightCloudSec CMDB Integration card.
Click Get, then provide the HI credentials for your ServiceNow instance.
Once the integration has been added, open your ServiceNow instance and navigate to Applications > All Available Applications > All.
Using the search field, type InsightCloudSec.
Click Install in the Rapid7 InsightCloudSec CMDB Integration application listing.

Step 2: Create the InsightCloudSec CMDB Integration Users

After installing the integration, it is best practice to create at least one user to interface and manage the corresponding ServiceNow application. Follow the instructions using ServiceNow's documentation to create a user and assign a role to the user. At the very least, we recommend creating an Application Admin user that is assigned the x_r7_rapid7_ics_cm.ics_admin, cmdb_read, workflow_admin roles.

Step 3: Configure the InsightCloudSec CMDB Integration

Using the new Application Admin user you created in the previous step, you'll need to configure authentication to InsightCloudSec and application properties as necessary.

To configure authentication:

Login to ServiceNow as your new Application Admin user.
Navigate to Rapid7 InsightCloudSec CMDB Integration > Configuration.
Provide a unique Name for the configuration.
For the Token, provide a portal-generated API key for the InsightCloudSec endpoint. To generate an API key, click the provided link in ServiceNow.
For the Host, provide the URL for your InsightCloudSec instance.
Click Update.

To configure application properties:

Need more information on the properties?

For more information on the properties, review the Application Properties Reference drop-down in this section.

Navigate to Rapid7 InsightCloudSec CMDB Integration > System Properties.
Update the properties as necessary, then click Save.

Application Properties Reference

Property Name	Description	Default
`x_r7_rapid7_ics_cm.api_idle_interval`	Minimum interval time between two API calls in seconds.	`5`
`x_r7_rapid7_ics_cm.Connection_Timeout`	Timeout for all REST calls in seconds.	`600`
`x_r7_rapid7_ics_cm.page_limit`	Page size of API call. Users can fetch a maximum of 1000 records in a single API call.	`1000`
`x_r7_rapid7_ics_cm.idle_count`	Maximum number of retries to be performed for API failures.	`3`
`x_r7_rapid7_ics_cm.idle_interval`	Minimum interval between API calls in seconds when an HTTP response code 429 or 500 is received.	`30`
`x_r7_rapid7_ics_cm.invalidate_job`	Number of days to terminate a long-running process monitor job.	`3`
`x_r7_rapid7_ics_cm.api_max_wait_time`	Maximum API response waiting time in seconds.	`180`

Step 4: Activate InsightCloudSec Schedulers and Data Imports

After successfully downloading, installing, and configuring the integration, you have to activate all the corresponding scheduled import jobs to begin ingesting InsightCloudSec resources into your CMDB. For more information on managing and cancelling ServiceNow jobs like Resource Import, Resource Type Import, Scope Import, and Resource Soft Delete, review the ServiceNow documentation.

To activate InsightCloudSec schedulers:

In your ServiceNow instance, navigate to System Definition > Scheduled Jobs.
Add the Application column to the list view.
Using the search field in the Application column, type Rapid7 InsightCloudSec CMDB Integration. The list should filter to only display the jobs associated with the Rapid7 InsightCloudSec CMDB Integration.
Update all of the jobs' Active column to true.

To activate InsightCloudSec data imports:

In your ServiceNow instance, navigate to System Definition > Scheduled Imports.
Add the Application column to the list view.
Using the search field in the Application column, type Rapid7 InsightCloudSec CMDB Integration. The list should filter to only display the jobs associated with the Rapid7 InsightCloudSec CMDB Integration.
Update all of the jobs' Active column to true.

Using the Integration

After the schedulers and data imports have successfully completed, you can view all imported resources from the Rapid7 InsightCloudSec CMDB Integration > Resources page. Click any resource to review details in read-only mode. You can also navigate to CMDB records directly through list view by clicking on the name under the Configuration Item column.

Timezone difference?

The time zone between the ServiceNow platform and your InsightCloudSec platform must be the same. A mismatch between the time zones can cause incorrect reporting in the application. Review the ServiceNow knowledge base for information on updating the system timezone.

Troubleshooting

For assistance with troubleshooting the integration, we recommend reviewing the application process monitor and logs.

Process Monitor

The application provides a Process Monitor module under the Diagnostics menu for reviewing high-level metrics from past runs of the feature. This module generates a list of all the processes with a corresponding scheduled job name and descriptive logs with the total count and reason for a process failure. In ServiceNow, navigate to Rapid7 InsightCloudSec CMDB Integration > Diagnostics > Process Monitor to get started. For details on the various statuses that appear in the process monitor, review the Process Monitor Status Reference drop-down.

Is a scheduled job taking time to reflect on the process monitor?

ServiceNow's backend scheduler will check any eligible jobs that need to be executed every 18 seconds. Once the backend scheduler is executed, all queued jobs will be picked for execution and the process monitor will be updated to reflect.

Process Monitor Status Reference

Process Name	Description
Initiated	Whenever the job is initiated.
In Progress	Whenever the job is in progress that means the queue is getting processed for that job.
Failed	Whenever the job fails due to any failure in API Call, MID server is down, or a selected configuration is deleted. If any job is running for 3 days, then the job will be failed forcefully and marked as Failed.
Completed	Whenever the job is completed successfully.
Completed with Error	Whenever the job is completed but all queues are not processed successfully (combination of failed and processed queues), there is an Identification Reconciliation Engine (IRE) error, or there is some unknown error.

Need more details on IRE errors?

You can update the glide.cmdb.logger.source.identification_engine global system property to * and re-run the scheduled job to add more details to the system logs.

Application Logs

Application logs can be viewed from the integration itself or in the system log (if configured). Navigate to Rapid7 InsightCloudSec CMDB Integration > Application Logs to see only the application-specific logs. For more information on system logs, review the ServiceNow documentation.

IRE Errors

If you're noticing an excess amount of IRE errors in the Application logs, this may be because the length of the Account ID is more than the CMDB will allow.

To update the length of the Account ID:

Login to ServiceNow.
Navigate to the CMDB CI Cloud Service Account list.
Update the length of the Account ID column to 255.

If you can't change the length of the Account ID using the previous method, try navigating to System Definition > Scripts - Background and running the following script


text
1
var gr = new GlideRecord("sys_dictionary");
2
gr.addEncodedQuery("nameSTARTSWITHcmdb_ci_cloud_service_account^elementSTARTSWITHaccount_id");
3
gr.query();
4
if(gr.next()) {
5
  gr.max_length = 255;
6
  gr.setWorkflow(false);
7
  gr.update();
8
}

Did this page help you?

Integrations

ServiceNow Integration

Integrations

Tenable.io Integration