Skip to main content

ServiceNow Generic Feed

Download With Dependencies

This pack contains an integration that can be used to pull indicators from ServiceNow CMDB and put them inside the TIM with the option to provide tagging.

What does this pack do?

  • Enables users to fetch Indicators from ServiceNow platform into Cortex XSIAM.
  • Add indicators form ServiceNow directly in to the XSIAM TIM.
  • Tag indicators that are added into the TIM.
  • Query ServiceNow data with the ServiceNow query URL.

Pack Contributors:


  • Anshumaan Mishra

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What does this pack do?

  • Enables users to fetch Indicators from ServiceNow platform into Cortex XSIAM.
  • Add indicators form ServiceNow directly in to the XSIAM TIM.
  • Tag indicators that are added into the TIM.
  • Query ServiceNow data with the ServiceNow query URL.

Supported Indicator Types

"""Type of Indicator (Reputations), used in TIP integrations"""

  • Account = "Account"
  • CVE = "CVE"
  • Domain = "Domain"
  • DomainGlob = "DomainGlob"
  • Email = "Email"
  • File = "File"
  • FQDN = "Domain"
  • MD5 = "File MD5"
  • SHA1 = "File SHA-1"
  • SHA256 = "File SHA-256"
  • Host = "Host"
  • IP = "IP"
  • CIDR = "CIDR"
  • IPv6 = "IPv6"
  • IPv6CIDR = "IPv6CIDR"
  • Registry = "Registry Key"
  • SSDeep = "ssdeep"
  • URL = "URL"

Configure ServiceNow Generic Feed Indicator on XSIAM Tenant

  1. Go to Settings > Configurations > Automation & Feed Integrations.
  2. Search for ServiceNow Generic Feed
  3. Click Add instance.
  4. Insert the ServiceNow URL.
  5. Insert your credentials (user name and password).
  6. Scroll down to the Collect section.
  7. Mark Fetch Indicators and select the desire event types to fetch

Pack Contributors:


  • Anshumaan Mishra

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported ByCommunity
CreatedApril 20, 2026
Last ReleaseApril 20, 2026
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.