ServiceNow Event Collector

Use this integration to fetch audits, syslog transactions, cases, and outbound HTTP logs from ServiceNow as Cortex XSIAM events.

Analytics & SIEM · ServiceNow

Configuration parameters

  • url — ServiceNow URL, in the format https://company.service-now.com/ (required)
  • credentials — Username (required)
  • client_credentials — Client ID
  • api_version — ServiceNow API Version (e.g., 'v1')
  • use_oauth — Use OAuth Login
  • event_types_to_fetch — Event Types To Fetch
  • max_fetch — Maximum audit events to fetch
  • max_fetch_syslog_transactions — Maximum syslog transactions events to fetch
  • max_fetch_case — Maximum case events to fetch
  • max_fetch_outbound_http — Maximum outbound HTTP log events to fetch
  • eventFetchInterval — Events Fetch Interval
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (5)

  • service-now-get-audit-logs

    Returns events extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.

  • service-now-get-case-logs

    Returns cases extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.

  • service-now-get-outbound-http-logs

    Returns outbound HTTP log events extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.

  • service-now-get-syslog-transactions

    Returns syslog transactions events extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.

  • service-now-oauth-login

    Generate a refresh token using your existing credentials. Use this command if you encounter access_denied or other errors related to your access token when using OAuth 2.0.