AlienVault® USM Anywhere™

Configuring the AlienApp for ServiceNow

Role Availability Read-Only Analyst Manager

To enable the AlienApp for ServiceNow actions within USM Anywhere, you must configure the AlienApp by setting up the integration with your ServiceNow instance. After validation of the configuration, you can include an action as part of an orchestration rule triggered by an event, or launch the action from the details page for a specific alarm, event, or vulnerability. See AlienApp for ServiceNow Orchestration for more information about using this functionality.

AlienApp for ServiceNow Requirements

As a ServiceNow administrator, you must create the user account credentials in your ServiceNow instance to be used by the AlienApp through the ServiceNow REST APIs. This user account must have rights to perform create, read, update, and delete (CRUD) operations using the ServiceNow Table API and Aggregate API. If you are using the ServiceNow Security Incident Response application and want the AlienApp for ServiceNow to create new security incidents, this user must also have the sn_si.integration_user or sn_si.admin role .

If you choose to use OAuth, you must create an endpoint for AlienApp for ServiceNow to access your ServiceNow instance. See ServiceNow production documentation for more details.

Note: It is a best practice to have a user account configured in your ServiceNow instance that can be used exclusively for USM Anywhere. With this exclusive user account, you can easily filter incidents in the ServiceNow UI to display incident tickets created by USM Anywhere. Also, the incidents created by the AlienApp for ServiceNow and the history are displayed in the USM Anywhere UI according to this user name; by using an exclusive user account, this information will include only the information that is related to USM Anywhere Alarm, Vulnerability, and Event response.

If you are a service provider or enterprise that manages more than one USM Anywhere instance, you can configure the AlienApp for ServiceNow on each instance to connect to the same ServiceNow environment. In this case, you should create a unique user account to be used by each USM Anywhere instance so that you can differentiate them in the ServiceNow UI and the history and incident information displayed in USM Anywhere reflects only that instance.

Before you configure the AlienApp for ServiceNow, make sure you have these requirements in place:

  • Fully-qualified domain name (FQDN) for your ServiceNow instance
  • User name and password to use for USM Anywhere access
  • (OAuth only) ServiceNow Client ID
  • (OAuth only) ServiceNow Client secret

Configuring the ServiceNow Connection in USM Anywhere

To support the ServiceNow response actions in USM Anywhere, you must configure a connection with the ServiceNow instance. This connection enables the AlienApp to perform CRUD operations using the ServiceNow Table and Aggregate REST APIs.

To configure the connection

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

    Access the AlienApps page

  3. On the AlienApps page, click the ServiceNow tile.

    Click the ServiceNow tile

    The Status tab is displayed, but it does not provide status information until the AlienApp for ServiceNow is enabled and configured.

  4. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    USM Anywhere AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor.

    Select a deployed sensor used to enable the AlienApp

  5. At the top-right of the page, click Enable.
  6. Click the Settings tab.
  7. Specify the basic connection information.

    • Instance name: Enter the FQDN for your ServiceNow instance.

      For example, if you access your ServiceNow instance at, you must enter in this field.

    • Username: Enter the user name for the account that USM Anywhere will use to access ServiceNow.
    • Password: Enter the password for the account.
  8. (OAuth only.) Specify the OAuth authentication parameters.

    • Is OAuth enabled: Select this checkbox to use OAuth for the ServiceNow connection.
    • Client ID: Enter the client ID that is configured in the ServiceNow System OAuth Application Registry.
    • Client Secret: Enter the client secret for the client ID.

    Enter your ServiceNow account information to configure the AlienApp for ServiceNow

  9. Click Save.
  10. Click the Status tab to verify the connection.

    After USM Anywhere completes a successful connection to the ServiceNow instance and the APIs, this tab displays icons in the Health column for the AlienApp.

    Verify the configured ServiceNow connection

    If the icon appears, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your ServiceNow connection.