Skip to main content

ServiceNow Generic Feed

Details
Content
Dependencies
Version History

Download With Dependencies

This pack contains an integration that can be used to pull indicators from ServiceNow CMDB and put them inside the TIM with the option to provide tagging.

What does this pack do?

Enables users to fetch Indicators from ServiceNow platform into Cortex XSIAM.
Add indicators form ServiceNow directly in to the XSIAM TIM.
Tag indicators that are added into the TIM.
Query ServiceNow data with the ServiceNow query URL.

Pack Contributors:

Anshumaan Mishra

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What does this pack do?

Enables users to fetch Indicators from ServiceNow platform into Cortex XSIAM.
Add indicators form ServiceNow directly in to the XSIAM TIM.
Tag indicators that are added into the TIM.
Query ServiceNow data with the ServiceNow query URL.

Supported Indicator Types

"""Type of Indicator (Reputations), used in TIP integrations"""

Account = "Account"
CVE = "CVE"
Domain = "Domain"
DomainGlob = "DomainGlob"
Email = "Email"
File = "File"
FQDN = "Domain"
MD5 = "File MD5"
SHA1 = "File SHA-1"
SHA256 = "File SHA-256"
Host = "Host"
IP = "IP"
CIDR = "CIDR"
IPv6 = "IPv6"
IPv6CIDR = "IPv6CIDR"
Registry = "Registry Key"
SSDeep = "ssdeep"
URL = "URL"

Configure ServiceNow Generic Feed Indicator on XSIAM Tenant

Go to Settings > Configurations > Automation & Feed Integrations.
Search for ServiceNow Generic Feed
Click Add instance.
Insert the ServiceNow URL.
Insert your credentials (user name and password).
Scroll down to the Collect section.
Mark Fetch Indicators and select the desire event types to fetch

Pack Contributors:

Anshumaan Mishra

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Integrations

Name	Description
ServiceNow Generic Feed (Community Contribution)	This is a feed integration for extracting indicators from ServiceNow.

Integrations

Name	Description
ServiceNow Generic Feed (Community Contribution)	This is a feed integration for extracting indicators from ServiceNow.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

PUBLISHER

North Dakota Information Technology

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	April 20, 2026
Last Release	April 20, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

ServiceNow Generic Feed

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.