1. Knowledge Base
  2. Implementation/Admin Learning Path

How do I configure a CMDB ServiceNow integration?

Overview

  1. You need a Username and Password to use.
    1. This can be your username and password or a service account created specifically for this integration.
    2. Permissions required
      1. read permissions to the CMDB tables you would like consume
      2. Roles:
        1. cmdb_read
  2. Your organization's ServiceNow admin will need to create an OAuth Application.
    1. Note: This can be the same Application you created for ServiceNow Ticketing
    2. They require some information from you; see below.
    3. They will provide you with a Client Secret and Client ID
  3. You configure the Integration within the NopSec Integrations page.

ServiceNow Configuration

In order to complete the ServiceNow integration a ServiceNow admin is required to create an Oauth Application. You can provide the following steps to your Admin.

  1. Search for OAuth or look for the category of System OAuth in the navigation window
  2. Click on Application Registry
  3. Click ‘New’ to create a new Application 
  4. Select ‘Create an OAuth API endpoint for external clients’
  5. Make sure the following fields are filled out: 
    • Name: A unique name. ex. NopSec
    • Client ID: Client ID is automatically generated by ServiceNow OAuth server.
    • Client Secret: Client secret for the OAuth application. Leave it empty for auto-generation.
    • Refresh Token Lifespan: Time in seconds the Refresh Token will be valid.
    • Access Token Lifespan: Time in seconds the Access Token will be valid.
    • Redirect URL: https://us2.nopsec.com/integrations
  6. Click ‘Submit’ 

Ask your Admin to provide you with the following:

  • Client ID
  • Client Secret

ServiceNow Roles

The default configuration requires the following roles:

  1. cmdb_read

Connect NopSec with ServiceNow 

  1. Login to NopSec 
    1. Your user needs to have the following permissions:
      1. integrations.read
      2. integrations.write 
  2. Click on Integrations
  3. Click on the Target Metadata Tab
  4. Find the ServiceNow CMDB card and click on Add Integration
  5. Configure the following in the Credentials Tab
    • Connection Name : Provide a unique name for this connection. You will use this in the future when creating Destinations and it will be visible to users.
    • URL: This is your ServiceNow URL (e.g. https://instancename-servicenow.com
    • Client ID: Use the Client ID that was generated by ServiceNow for the specific application.
    • Client Secret: Use the Client Secret that was generated by ServiceNow for the specific application.
    • Username: Provide the username used for the account in ServiceNow.
    • Password: Provide the password used for the account in ServiceNow.
  6. Click ‘Save and Connect’

If the integration is successful, a success message will appear in the bottom right corner of the window, and you are ready to begin configuring your Destinations. 

Configure your CMDB Integration

By default, NopSec will capture data from the cmdb_ci_hardware only and no tags will be created.

If you would like to be able to bring in multiple tables and have NopSec correlate them please provide your NopSec Customer Success team with the following:

  • Ordered List of Tables or Database Views
    • If multiple tables are provided, asset data from the tables are joined on the sys_id with duplicate columns being removed. 
    • The order of tables in the list is the order in which they are joined (first table is first, parameters in second that are not found in first are added, etc.) 
    • Database views are synonymous with tables in this api. 
  • List of Tags to create based on your CMDB columns
    • For each CMDB column, you can have associated NopSec targets receive a tag in the following format:
      • Tag Key = CMDB Column Name
      • Tag Value = CMDB Column Value
    • In order to do this, please provide us a list in the following format:
      • [“column1”, “Pretty Name for Column1], [“column2”, ”Pretty Name for Column 2”]

Application Tables (Advanced)

If you would like to ingest SNOW Application Tables and have them correlated with your other CMDB tables you have three options:

  1. Use Database Views
    1. Create a database view in SNOW that does all of the appropriate joins and limits the information brought into NopSec. Then use the database view as a table in the list above.

  1. Link using a specific application table
    1. NopSec can help in this configuration.
    2. Provide the name of the application table & the column to use to match the table with other tables.
      1. This is typically the name of the sys_id column in that application table. 
  1. Link application and business data using the CDSM model outlined in SNOW
    1. If you would like to use the CDSM model outlined by SNOW, let your Customer Success team member know and they can enable that.
    2. In this case, the integration uses the cmdb_rel_ci to join the hardware assets, application data (as given in the cmsb_ci_appl table), application service data (as given in the cmdb_ci_service_auto table) and the business application data (as given in the cmdb_ci_business_app table).