AlienVault® USM Anywhere™

AlienApp for ServiceNow Orchestration

As USM Anywhere surfaces events, alarms, and vulnerabilities, your team determines which items require the opening of a new ServiceNow incident. Rather than manually opening each incident ticket in the ServiceNow UI and entering the relevant alarm, event, or vulnerability information, you can use the AlienApp for ServiceNow response actions to enhance and simplify your workflow.

| Action | Function |
| --- | --- |
| Create a new incident from an alarm (alarms provide notification of an event or sequence of events that require attention or investigation) | Run this action to generate a new ServiceNow incident for an alarm. This action is available when you launch a response action directly for an existing alarm or launch a response action in an orchestration rule. |
| Create a new incident from a vulnerability (a known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security) | Run this action to generate a new ServiceNow incident for a vulnerability. This action is available only when you launch a response action directly for an existing vulnerability. |
| Create a new incident from an event (any traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall) | Run this action to generate a new ServiceNow incident for an event. This action is available only when you launch a response action directly for an existing event. |
| Create a new incident from event based orchestration rule | Run this action to generate a new ServiceNow incident for future events that match your criteria. This action is available only when you launch a response action in an orchestration rule. |
| Create a new incident from a vulnerability status update | Run this action to generate a new ServiceNow incident for a status update on a vulnerability that matches your criteria. This action is available only when you launch a response action in an orchestration rule. |

Upon execution of a response action, USM Anywhere generates the ServiceNow incident and passes the associated information to that new incident ticket.

Note: Before launching a ServiceNow response action or creating a ServiceNow response action rule, the AlienApp for ServiceNow must be enabled and connected to your ServiceNow instance. For more information, see Configuring the AlienApp for ServiceNow.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to DATA SOURCES > INTEGRATIONS.
  2. Click the AlienApps tab.

  3. In the AlienApps page, click the ServiceNow tile.

  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed actions.
