Reporting Incidents to ServiceNow
Huntress can report incidents and remediation recommendations directly to your ServiceNow ticket queue. This is a two-part process that involves:
- Creating the ServiceNow API and retrieving credentials
- Creating a role for incident reporting in ServiceNow
Creating the ServiceNow API and retrieving credentials
1. Log in to your Huntress dashboard with your admin account
2.Click on the menu in the upper-right corner and select integrations
3. Click the "Add" button in the upper right of the integrations page
4. Choose "ServiceNow" integration under Incident Reporting. ServiceNow is considered Beta
5. An OAuth integration will need to be set up in order to utilize ServiceNow. after clicking on ServiceNow there are multiple fields that need to be filled in. The Instance ID, Client ID, and the Client Secret are necessary for Huntress to connect via OAuth. The Username and Password will come into play later when the user and role are setup in ServiceNow to receive incidents from Huntress.
6. Retrieve the Instance ID from ServiceNow
On the browser homepage of the ServiceNow account, the ID will be in the URL between "https://" and ".service-now.com"
Copy and paste the ID in the "Instance ID" field on the Huntress Integrations page
7. Creating the OAuth Integration
There is a search bar located in the top left of the menu. Search for "OAuth" and then select "Application Registry" under System OAuth.
Name the Application "Huntress"
Click "Submit" in the upper right corner
Huntress should now appear on the Application Registry page
Selecting Huntress will bring you back to the OAuth API creation page. If the Client Secret was kept blank, and ServiceNow created it automatically, clicking on the lock icon to the right will show the generated secret key
11. On the OAuth page copy the Client ID and the Client Secret to paste into the Huntress Integration setup page
Creating a role in ServiceNow for incident reporting
1. For the Username field, a user will need to be created in ServiceNow. Navigate back to the ServiceNow dashboard and select User Administration.
3. The only fields that need to be filled in are User ID, First name, Last name, and password. It is recommended to make the User ID and name something easily recognizable such as "Huntress API". Create a passcode and make sure the boxes next to "Active" and "web service access only" are checked off, then click Submit.
4. Now that the user has been created, a role needs to be assigned in order for it to create incidents. This step is important. If the user is not assigned the appropriate role tickets from Huntress will not be received.
Search for the user
Once on the User page, select the "Roles" tab and "Edit"
2. Once On the roles page enter sn_incident in the search bar. Select incident write and move it to the User roles column on the right, then save. Setting this role will automatically assign all roles necessary for incident reports to be sent.
3. After the user is created, enter the Username and password on the Huntress Integration setup page and select "Add"
If the integration was set up correctly, there will be a green checkmark in the Status column for ServiceNow. If your connection was successful, congratulations! Huntress can now directly report incidents and remediation recommendations to your ServiceNow PSA. If your connection failed, select the pencil icon to edit your integration's settings. If you have any trouble getting this setup, don't hesitate to drop us an email.
When Huntress sends incidents to ServiceNow they will be put in the incidents under "Service Desk"