The ServiceNow data exporter allows you to export incidents and investigations to ServiceNow, the ticketing system. Once this is configured within InsightIDR, you can export incident and investigation details with a click of a button to start the ticketing process.

You can also use ServiceNow with automated workflows to create tickets during Investigations.

Before You Begin

The integration with ServiceNow currently requires the URL of a ServiceNow server that accepts inbound communication from the Rapid7 Insight Platform, and an account with an admin permission or one of the following permissions:

  • itil_admin
  • itil
  • mid_server

The above minimum permissions will allow you to create a connection, but you must be aware of other fields required to create a ticket. If the account does not have access to a required field you may not be able to save field mappings correctly.

Make sure to configure an account for the integration that has permissions to create an incident in Service Now outlined above.

How to Configure ServiceNow for InsightIDR

You can read instructions on ServiceNow configuration with third party applications here:

Configure the data exporter

After you complete the prerequisite steps, you must add the data exporter in InsightIDR.

To configure the new data exporter in InsightIDR:

  1. From the left menu, go to Data Collection and click Data Exporters.
  2. Click Add Data Exporter.
  3. Select ServiceNow as the Data Exporter Type.
  4. Choose your collector. You can also name your data exporter if you want.
  5. In the URL field, enter the URL to the ServiceNow server.
  6. Optionally, select the Investigations checkbox to export asset-specific investigations from InsightIDR.
  7. Select the credentials to your ServiceNow Controller or create a new credential.
  8. In the Password field, enter the password for the ServiceNow Controller.
  9. Click Save.

You can now select Export to ServiceNow when viewing an investigation.

Selecting this option will automatically post the investigation details to the incident table in ServiceNow with the same heading it had in InsightIDR. It will also attach a JSON object with all the details from that investigation.