Creating a ServiceNow Alert Integration

This article explains how to create an integration between your ServiceNow and Cato account for alerts and system notifications.

Note

Note: Cato is gradually enabling this feature on accounts over a period of several weeks. It is possible that it may not be available in the Cato Management Application for your account.

Overview

The Cato Management Application supports a variety of alerts and notifications for different use-cases and conditions related to your account. You can define an integration with your ServiceNow instance that support webhooks to send alerts and create alert-based automation flows. Cato's ServiceNow integration supports customizable HTTP headers and messages in the alert to meet the specific needs of your organization.

Creating ServiceNow Integrations

When you create a ServiceNow integration, you need to provide the URL for the service that is receiving the alert via the webhook with the correct authentication details. You have the option to configure custom HTTP headers for the integration. The message body is populated by default with a JSON file format that is compatible with ServiceNow. You also have the option to customize the body to meet the specific requirements of your organization.

If you choose to customize the body, there are a number of data fields that you can use in the message content. So you can define custom body (or structure), and then embed the Cato data fields. When you enter $, the available data fields are displayed and then select the required field. The fields use auto-complete to filter the list. For more information about the Cato fields, see Understanding the JSON Fields for Alert Integrations.

Webhooks_page.png

To create a ServiceNow integration:

  1. From the navigation menu, click Administration > Subscriptions and select the Integrations tab.

  2. Click New Integration > ServiceNow. The New ServiceNow Integration panel opens.

  3. Configure these integration settings:

    1. Enter the integration Name.

    2. Click the slider to enable (green) or disable (gray) the integration (it's enabled by default).

  4. Configure the Connection Details:

    1. Enter the webhook URL for the ServiceNow account that is receiving the alert.

    2. Configure the Authentication Method and settings for the ServiceNow instance.

    3. Click Test. If the integration can connect to the service, then a Test passed successfully message is displayed.

      If there's a connection error, the page displays the HTTP error code and message reported by the service.

  5. (Optional) In Custom Headers, define the Key and Value for each additional HTTP header for the integration.

  6. (Optional) In Custom Body, customize the content of the ServiceNow alert:

    • Enter $ to embed other fields

    • Enter / as the escape character

  7. Click Save. The ServiceNow integration is saved and added to the Integrations page.

Defining Policy Notifications with ServiceNow Integrations

Cato Security policies let you send notifications when a rule is matched. You can configure the Track settings to send notifications to a specific integration or to a Subscription Group that contains the integration.

rule_webhook.png

To define a ServiceNow notification for a rule:

  1. In the relevant policy, edit the rule and expand the Actions section.

  2. Select Send Notification.

  3. Define the Frequency for how often the alert is sent.

  4. In Send notification to, select Subscription Group or Integration and select the relevant item.

  5. Click Apply, and then click Save.

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment