Details
Content
Dependencies
Version History

Use The ServiceNow IT Service Management (ITSM) solution to modernize the way you manage and deliver services to your users.

Cortex XSOAR interfaces with ServiceNow to help streamline security-related service management and IT operations.

The data in ServiceNow tickets can be mirrored to Cortex XSOAR so that you can track the status and information in the task.
You can also provide comments or attachments in XSOAR which will appear in ServiceNow.

What does this pack do?

View, create, update, or delete a ServiceNow ticket directly from the Cortex XSOAR and enrich it with Cortex XSOAR data.
View, create, update, and delete records from any ServiceNow table.
Query ServiceNow data with the ServiceNow query syntax.

As part of this pack, you will also get 2 out-of-the-box layouts so that you can visualize ServiceNow ticket information in Cortex XSOAR.

The Create ServiceNow Ticket playbook provides an example for how to use the Mirror ServiceNow Ticket playbook to mirror data and ServiceNow Ticket State Polling sub-playbook to track when the ticket closes.

Pack Contributors:

Torbjørn Lium

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Cortex XSIAM interfaces with ServiceNow to help streamline security-related service management and IT operations.

The data in ServiceNow tickets can be mirrored to Cortex XSIAM so that you can track the status and information in the task.
You can also provide comments or attachments in XSOAR which will appear in ServiceNow.

What does this pack do?

View, create, update, or delete a ServiceNow ticket directly from the Cortex XSIAM and enrich it with Cortex XSIAM data.
View, create, update, and delete records from any ServiceNow table.
Query ServiceNow data with the ServiceNow query syntax.

As part of this pack, you will also get 2 out-of-the-box layouts so that you can visualize ServiceNow ticket information in Cortex XSIAM.

Pack Contributors:

Torbjørn Lium

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
ServiceNowCreateIncident	This script is used to wrap the generic create-record command in ServiceNow. You can add fields that you want to create the record with as script arguments or in the code and work with the records easily.
ServiceNowUpdateIncident	This script is used to wrap the generic update-record command in ServiceNow. You can add fields that you want to update the record with as script arguments or in the code and work with the records easily.
ServiceNowIncidentStatus	populates the value of the ServiceNow Ticket State field and display it in a layout widget.
ServiceNowQueryIncident	This script is used to wrap the generic query-table command in ServiceNow. You can add fields that you want to use as inputs and outputs from the record as script arguments or in the code and work with the records easily.
ServiceNowAddComment	Use this script to add a comment or work note to a ServiceNow ticket. To be run within the incident.

Classifiers

Name	Description
ServiceNow Classifier	Classifies ServiceNow tickets.
User Profile - ServiceNow (Incoming)	Maps a ServiceNow user data to a User Profile data.
User Profile - ServiceNow (Outgoing)	Maps a User Profile data to a ServiceNow user data.
ServiceNow - Incoming Mapper	Maps incoming ServiceNow incidents fields.
ServiceNow Create Ticket - Incoming Mapper	Maps incoming ServiceNow incidents fields for ServiceNow create ticket and mirror playbook
ServiceNow - Outgoing Mapper	Maps outgoing ServiceNow incident Fields.
ServiceNow Create Ticket - Outgoing Mapper	Maps outgoing ServiceNow incidents fields for ServiceNow create ticket and mirror playbook

Incident Fields

Name	Description
ServiceNow Resolution Notes	ServiceNow Resolution Notes
ServiceNow Urgency	ServiceNow ticket urgency.
ServiceNow Closed Date	The ticket closed date
ServiceNow Escalation	ServiceNow Escalation
ServiceNow Description	Ticket description
ServiceNow State	The ticket state
ServiceNow Ticket Number	ServiceNow Ticket Number
ServiceNow Due Date	ServiceNow Due Date
ServiceNow Ticket ID
ServiceNow Business Impact	ServiceNow ticket Business Impact
ServiceNow Opened Date	The ticket opened date
ServiceNow Caller	ServiceNow Caller who opened the ticket.
ServiceNow Resolved Time	The ticket resolved time
ServiceNow SIR Category	ServiceNow SIR Category
ServiceNow Resolution Code	Resolution Code Of ServiceNow Ticket
ServiceNow SIR State	The SIR ticket state
ServiceNow Closed By	User who closed ServiceNow Incident
ServiceNow Priority	ServiceNow Ticket Priority
ServiceNow Category	ServiceNow Category
ServiceNow Notify
ServiceNow Assignment Group	ServiceNow Assignment Group
ServiceNow Assigned To	Ticket assignee
ServiceNow Attack Vector
ServiceNow Caller ID	ServiceNow Caller who opened the ticket.
ServiceNow Impact	ServiceNow ticket Impact
ServiceNow Severity	ServiceNow Severity

Incident Types

Name	Description
ServiceNow SIR Incident
ServiceNow Create Ticket and Mirror
ServiceNow Ticket

Integrations

Name	Description
ServiceNow IAM	Integrate with ServiceNow's services to execute CRUD operations for employee lifecycle processes.
ServiceNow v2	Use The ServiceNow IT Service Management (ITSM) solution to modernize the way you manage and deliver services to your users.
ServiceNow (Deprecated)	Deprecated. Use the ServiceNow v2 integration instead.
ServiceNow CMDB	ServiceNow CMDB is a service‑centric foundation that proactively analyzes service‑impacting changes, identifies issues, and eliminates outages.

Layouts

Name	Description
ServiceNow Create Ticket and Mirror
ServiceNow Ticket
ServiceNow SIR Incident

Playbooks

Name	Description
ServiceNow CMDB Search	Subplaybook for finding CI records in ServiceNow CMDB.
Create ServiceNow Ticket	Create ServiceNow Ticket allows you to open new tickets as a task from a parent playbook. When creating the ticket, you can decide to update based on on the ticket's state, which will wait for the ticket to resolve or close with StatePolling. Alternatively, you can select to mirror the ServiceNow ticket and incident fields. To apply either of these options, set the SyncTicket value in the playbook inputs to one of the following options: StatePolling Mirror Leave Blank to use none.
Mirror ServiceNow Ticket	Mirror ServiceNow Ticket is designed to serve as a sub-playbook, which enables ticket mirroring with ServiceNow. It enables you to manage ServiceNow tickets in Cortex xSOAR while data is continuously synced between ServiceNow and Cortex xSOAR, including ServiceNow schema, fields, comments, work notes, and attachments. To enable OOTB mirroring, use the ServiceNow Create ticket - common mappers for incoming and outgoing mirroring. FieldPolling - You can the FieldPolling value to true if you only want to be informed when the ticket is resolved or closed. If FieldPolling is set to true, the FieldPolling Playbook will poll for the state(ServiceNow State field) of the ServiceNow ticket until it marks as either resolved or closed. In Addition to the playbook, we recommend that you use the included layout for ServiceNow Ticket, which helps visualize ServiceNow ticket information in Cortex xSOAR. You can add the new layout as a tab to existing layouts using the Edit Layout page.
ServiceNow - Ticket Management	`ServiceNow - Ticket Management` allows you to open a new ticket or comment on an existing ticket.
ServiceNow Ticket State Polling	Use ServiceNow Incident State Polling as a sub-playbook when required to pause the execution of a master playbook until the ServiceNow ticket state is either resolved or closed. This playbook implements polling by continuously running the servicenow-get-ticket command until the state is either resolved or closed.

Automations

Name	Description
ServiceNowCreateIncident	This script is used to wrap the generic create-record command in ServiceNow. You can add fields that you want to create the record with as script arguments or in the code and work with the records easily.
ServiceNowAddComment	Use this script to add a comment or work note to a ServiceNow ticket. To be run within the incident.
ServiceNowQueryIncident	This script is used to wrap the generic query-table command in ServiceNow. You can add fields that you want to use as inputs and outputs from the record as script arguments or in the code and work with the records easily.
ServiceNowIncidentStatus	populates the value of the ServiceNow Ticket State field and display it in a layout widget.
ServiceNowUpdateIncident	This script is used to wrap the generic update-record command in ServiceNow. You can add fields that you want to update the record with as script arguments or in the code and work with the records easily.

Classifiers

Name	Description
ServiceNow Classifier	Classifies ServiceNow tickets.
ServiceNow Create Ticket - Incoming Mapper	Maps incoming ServiceNow incidents fields for ServiceNow create ticket and mirror playbook
User Profile - ServiceNow (Incoming)	Maps a ServiceNow user data to a User Profile data.
ServiceNow Create Ticket - Outgoing Mapper	Maps outgoing ServiceNow incidents fields for ServiceNow create ticket and mirror playbook
ServiceNow - Incoming Mapper	Maps incoming ServiceNow incidents fields.
User Profile - ServiceNow (Outgoing)	Maps a User Profile data to a ServiceNow user data.
ServiceNow - Outgoing Mapper	Maps outgoing ServiceNow incident Fields.

Incident Fields

Name	Description
ServiceNow Escalation	ServiceNow Escalation
ServiceNow Severity	ServiceNow Severity
ServiceNow Description	Ticket description
ServiceNow Attack Vector
ServiceNow Resolution Notes	ServiceNow Resolution Notes
ServiceNow Closed Date	The ticket closed date
ServiceNow Closed By	User who closed ServiceNow Incident
ServiceNow Assigned To	Ticket assignee
ServiceNow Resolution Code	Resolution Code Of ServiceNow Ticket
ServiceNow Resolved Time	The ticket resolved time
ServiceNow Assignment Group	ServiceNow Assignment Group
ServiceNow Ticket Number	ServiceNow Ticket Number
ServiceNow Due Date	ServiceNow Due Date
ServiceNow Caller	ServiceNow Caller who opened the ticket.
ServiceNow SIR State	The SIR ticket state
ServiceNow Priority	ServiceNow Ticket Priority
ServiceNow Ticket ID
ServiceNow Caller ID	ServiceNow Caller who opened the ticket.
ServiceNow Impact	ServiceNow ticket Impact
ServiceNow SIR Category	ServiceNow SIR Category
ServiceNow Business Impact	ServiceNow ticket Business Impact
ServiceNow Notify
ServiceNow Urgency	ServiceNow ticket urgency.
ServiceNow State	The ticket state

Incident Types

Name	Description
ServiceNow Create Ticket and Mirror
ServiceNow SIR Incident
ServiceNow Ticket

Integrations

Name	Description
ServiceNow v2	Use The ServiceNow IT Service Management (ITSM) solution to modernize the way you manage and deliver services to your users.
ServiceNow IAM	Integrate with ServiceNow's services to execute CRUD operations for employee lifecycle processes.
ServiceNow (Deprecated)	Deprecated. Use the ServiceNow v2 integration instead.
ServiceNow Event Collector	Use this integration to fetch audit and syslog transactions logs from ServiceNow as Cortex XSIAM events.
ServiceNow CMDB	ServiceNow CMDB is a service‑centric foundation that proactively analyzes service‑impacting changes, identifies issues, and eliminates outages.

Modeling Rules

Name	Description
ServiceNow ServiceNow Modeling Rule

Playbooks

Name	Description
ServiceNow CMDB Search	Subplaybook for finding CI records in ServiceNow CMDB.
Mirror ServiceNow Ticket	Mirror ServiceNow Ticket is designed to serve as a sub-playbook, which enables ticket mirroring with ServiceNow. It enables you to manage ServiceNow tickets in Cortex XSIAM while data is continuously synced between ServiceNow and Cortex XSIAM, including ServiceNow schema, fields, comments, work notes, and attachments. To enable OOTB mirroring, use the ServiceNow Create ticket - common mappers for incoming and outgoing mirroring. FieldPolling - You can the FieldPolling value to true if you only want to be informed when the ticket is resolved or closed. If FieldPolling is set to true, the FieldPolling Playbook will poll for the state(ServiceNow State field) of the ServiceNow ticket until it marks as either resolved or closed. In Addition to the playbook, we recommend that you use the included layout for ServiceNow Ticket, which helps visualize ServiceNow ticket information in Cortex XSIAM. You can add the new layout as a tab to existing layouts using the Edit Layout page.
Create ServiceNow Ticket	Create ServiceNow Ticket allows you to open new tickets as a task from a parent playbook. When creating the ticket, you can decide to update based on on the ticket's state, which will wait for the ticket to resolve or close with StatePolling. Alternatively, you can select to mirror the ServiceNow ticket and alert fields. To apply either of these options, set the SyncTicket value in the playbook inputs to one of the following options: StatePolling Mirror Leave Blank to use none.
ServiceNow - Ticket Management	`ServiceNow - Ticket Management` allows you to open a new ticket or comment on an existing ticket.
ServiceNow Ticket State Polling	Use ServiceNow Alert State Polling as a sub-playbook when required to pause the execution of a master playbook until the ServiceNow ticket state is either resolved or closed. This playbook implements polling by continuously running the servicenow-get-ticket command until the state is either resolved or closed.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

2.7.0 - 1666862 (November 18, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 36880

Download

2.6.14 - 1647729 (November 14, 2024)

Integrations

ServiceNow v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Scripts

ServiceNowAddComment

Updated the Docker image to: demisto/python3:3.11.10.115186.

ServiceNowUpdateIncident

Updated the Docker image to: demisto/python3:3.11.10.115186.

ServiceNowCreateIncident

Updated the Docker image to: demisto/python3:3.11.10.115186.

ServiceNowQueryIncident

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

2.6.13 - R1631266 (November 12, 2024)

Integrations

ServiceNow IAM

Updated the Docker image to: demisto/python3:3.11.10.113941.

ServiceNow CMDB

Updated the Docker image to: demisto/python3:3.11.10.113941.

Scripts

ServiceNowIncidentStatus

Updated the Docker image to: demisto/python3:3.11.10.113941.

ServiceNowQueryIncident

Updated the Docker image to: demisto/python3:3.11.10.113941.

ServiceNowUpdateIncident

Updated the Docker image to: demisto/python3:3.11.10.113941.

ServiceNowCreateIncident

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

2.6.12 - 1584792 (November 3, 2024)

Integrations

ServiceNow v2

Updated the docker image to: demisto/python3:3.11.10.113941.
Added the servicenow-get-attachments command, which retrieves attachments from tickets.
Fixed an issue where in some cases the access token could not be retrieved.

Related pull requests:
- 37025

Download

2.6.10 - 1559973 (October 29, 2024)

Scripts

ServiceNowAddComment

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 36826

Download

2.6.9 - 1414617 (September 22, 2024)

Integrations

ServiceNow v2

Documentation and metadata improvements.

Related pull requests:
- 36275

Download

2.6.8 - 1373264 (September 11, 2024)

Integrations

ServiceNow v2

Documentation and metadata improvements.

ServiceNow CMDB

Documentation and metadata improvements.

2.6.2 - R1051712 (May 28, 2024)

ServiceNow

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

2.6.1 - R958204 (April 15, 2024)

Integrations

ServiceNow v2

Fixed an issue in servicenow-update-ticket, where ticket_type had an interfering default value.

Related pull requests:
- 33840

Download

2.6.0 - 951066 (April 11, 2024)

Fixed an issue where the default ticket_type was not taken from the instance configuration.
Updated the Docker image to: demisto/python3:3.10.14.90585.

Scripts

ServiceNowAddComment

Fixed an issue where the default ticket_type was not taken from the instance configuration.
Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33524

Download

2.5.62 - 913451 (March 25, 2024)

Integrations

ServiceNow CMDB

Maintenance and stability enhancements.
Updated the Docker image to: demisto/python3:3.10.13.89873.

ServiceNow IAM

Maintenance and stability enhancements.
Updated the Docker image to: demisto/python3:3.10.13.89873.

Related pull requests:
- 31905

Download

2.5.61 - 909962 (March 24, 2024)

Integrations

ServiceNow v2

Added a new command servicenow-delete-file to delete attachment file from a ticket.

Related pull requests:
- 33365

Download

2.5.60 - 897231 (March 18, 2024)

Integrations

ServiceNow v2

Fixed an issue where the get-remote-data (mirroring) command was not returning the display values for all fields when the Use display values option was enabled.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Mappers

ServiceNow - Incoming Mapper

Fixed an issue in the ServiceNow incoming mapper where the severity field was not being mapped correctly from ServiceNow.

Related pull requests:
- 33341

Download

2.5.59 - 891799 (March 14, 2024)

Integrations

ServiceNow v2

Fixed an issue where the default value of table_name was not taken from the instance configuration.

Scripts

ServiceNowAddComment

Fixed an issue where the default value of table_name was not taken from the instance configuration.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Related pull requests:
- 33228

Download

2.5.58 - 890229 (March 14, 2024)

Integrations

ServiceNow v2

Added the add_as_entry argument to the servicenow-get-ticket-notes command to optionally add ticket notes and work notes as notes in the War Room.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Related pull requests:
- 33319

Download

2.5.57 - 867923 (March 4, 2024)

Integrations

ServiceNow v2

Added support for a new time format: mmm-dd-yyyy i.e., Dec-07-2022 00:38:52.

Related pull requests:
- 33124

Download

2.5.56 - 865942 (March 4, 2024)

Integrations

ServiceNow v2

Fixed an issue where the Instance Date Format was not properly set for the fetch incidents.
Updated the Docker image to: demisto/python3:3.10.13.88772.

Related pull requests:
- 33058

Download

2.5.55 - 846375 (February 22, 2024)

Integrations

ServiceNow v2

Fixed an issue where mirroring did not update fields that were updated before adding the mirroring fields to the incident.

Related pull requests:
- 33065

Download

2.5.54 - 841209 (February 20, 2024)

Integrations

ServiceNow v2

Fixed an issue where the servicenow-upload-file command failed in case the file name contained invalid characters.
Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32990

Download

2.5.53 - 836299 (February 18, 2024)

Scripts

ServiceNowIncidentStatus

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

2.5.52 - R828628 (February 14, 2024)

Integrations

ServiceNow v2

Added the argument force_default_url to the command servicenow-create-co-from-template, which will ignore the api version configured in the instance configuration when set to true.
Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32505

Download

2.5.51 - 784509 (January 25, 2024)

Integrations

ServiceNow v2

Fixed an issue where the Use Display Value parameter would not be used while fetching incidents.
Updated the Docker image to: demisto/python3:3.10.13.85667.

Related pull requests:
- 32372

Download

2.5.50 - 778227 (January 22, 2024)

ServiceNow

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

2.5.49 - 741559 (January 4, 2024)

Integrations

ServiceNow v2

Fixed an issue where in some cases the incoming mirroring delete the assigned user when the update times weren't synced.

Related pull requests:
- 31351

Download

2.5.48 - 7187156 (December 17, 2023)

Integrations

ServiceNow v2

Fixed an issue with the outgoing mirroring functionality where newly created tickets were incorrectly closed.
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31194

Download

2.5.47 - 7153835 (December 13, 2023)

Scripts

ServiceNowUpdateIncident

Updated the Docker image to: demisto/python3:3.10.13.83255.

ServiceNowQueryIncident

Updated the Docker image to: demisto/python3:3.10.13.83255.

ServiceNowCreateIncident

Updated the Docker image to: demisto/python3:3.10.13.83255.

ServiceNowAddComment

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31439

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 7, 2020
Last Release	November 18, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.