ServiceNow Change Management

If you are using a PAN-OS/Panorama firewall and ServiceNow as a ticketing system this playbook is a perfect match for your change management for firewall process. This playbook is triggered by a fetch from ServiceNow and will help you manage and automate your change management process.

Change Management · 23 tasks · 24 inputs · 0 outputs

Inputs

  • TicketSummary — Provide a summary for your firewall request.
  • SecurityTeamEmail — The email address of the security team that approves the firewall requests.
  • log_type — Log type to query. Can be: traffic, threat, wildfire, url, or data-filtering.
  • query — The query string by which to match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs.
  • addr-src — Source address.
  • addr-dst — Destination address.
  • port-dst — Destination port.
  • TestConfigurations — By providing YES to this input the requested firewall rule will be tested in your test environment.
  • zone-src — Firewall source zone.
  • zone-dst — Firewall destination zone.
  • TestInstance — The instance name of the firewall in the DEV environment for testing the new rule.
  • Action — The action for the change request.
  • Protocol — The IP protocol.
  • Log_forwarding — Log forwarding profile.
  • Profile_setting — A profile setting group.
  • Service — A comma-separated list of service object names for the rule.
  • Application — A comma-separated list of application object names for the rule to create.
  • Rulename — Name of the rule to create.
  • Description — Set the description of the ticket.
  • Time-generated — The time the log was generated from the timestamp and prior to it. For example: "2019/08/11 01:10:44".
  • Rule_position — Pre rule or Post rule (Panorama instances). Possible options: - post-rulebase - pre-rulebase
  • Target — Target number of the firewall. Use only for a Panorama instance.
  • Vsys — Target number of the firewall. Use only for a Panorama instance.
  • Limit — Maximum number of API requests that the PanoramaSecurityPolicyMatchWrapper script will send. The default is 500.

Commands used

closeInvestigation pan-os-create-rule servicenow-add-link servicenow-update-ticket servicenow-upload-file setIncident

Flowchart

yes yes Approve Reject Approve Reject Start Start Done Done Deploy the configuration to a test environment - pan-os-create-rule Deploy the configuration ... pan-os-create-rule Panorama Query Logs - Panorama Query Logs Panorama Query Logs Panorama Query Logs Test configuration? Test configuration? export to CSV - ExportToCSV export to CSV ExportToCSV Upload logs to ServiceNow - servicenow-upload-file Upload logs to ServiceNow servicenow-upload-file PAN-OS create or edit policy - PAN-OS create or edit policy PAN-OS create or edit policy PAN-OS create or edit policy Ask for FW change request review Ask for FW change request... Ask security team to review the test results Ask security team to revi... Add Cortex XSOAR link to ticket - servicenow-add-link Add Cortex XSOAR link to ... servicenow-add-link Details for ServiceNow Details for ServiceNow Close ServiceNow ticket - servicenow-update-ticket Close ServiceNow ticket servicenow-update-ticket Close XSOAR incident - closeInvestigation Close XSOAR incident closeInvestigation Notify the request owner to validate the change Notify the request owner ... Are there logs? Are there logs? Update incident state - setIncident Update incident state setIncident Update incident state - setIncident Update incident state setIncident Update incident state - setIncident Update incident state setIncident Update incident state - setIncident Update incident state setIncident Update incident state - setIncident Update incident state setIncident Was the request approved? Was the request approved? Did the test pass in the DEV environment? Did the test pass in the ...