Create a ServiceNow Ticket

Required User Role: Basic, Scan Operator, Standard, Scan Manager, Administrator, or Custom Role

Within Tenable Exposure Management, you can create tickets based on findings directly from the Findings page. These tickets help you to address vulnerabilities in your environment and ensure work items for vulnerability findings are being created and assigned quickly and effectively.

Tip: For more information, see Bi-directional Incident Ticketing Integrations in the ServiceNow documentation.

To create a ServiceNow ticket based off of a finding:

  1. In Tenable Exposure Management, access the Findings view.

  2. In the findings list, select the check box next to each finding you want to include in the ticket.

  3. In the upper-right corner of the page, click Take Action.

    A drop-down menu appears.

  4. Click Create ServiceNow Ticket.

    The Open a ServiceNow Ticket page appears.

  5. From the Aggregation Behavior drop-down box, select how you want Tenable Exposure Management to aggregate tickets for the finding:

    • Create a new incident for each finding — Every time a finding appears, an incident gets created in ServiceNow.

      The configuration options on the page update based on your selection.

      1. Configure the incident creation options:

        Option Description
        Business Impact text box Type a description of the impact associated with the incident and how it may affect your business.
        Notify drop-down box Select the method by which you want to notify users of updates to the incident, for example Send Email or Do Not Notify.
        Parent Incident text box Type the existing ServiceNow incident under which you want new incidents to be created.
        Caused by Change drop-down box Where applicable, select the change that causes the incident creation.
        Severity drop-down box Select the severity you want to assign to the incident, for example, 3 - Low or 1 - High.
        Category drop-down box Select the category you want to assign to the incident, for example Software or Network.
        Origin drop-down box Select the origin of the incident.
        Resolved text box Type the date at which the incident must be resolved. Optionally, click the button and select a date from the calendar.
        Probable Cause text box Type a description of the likely cause of the incident.
        Caller drop-down box Select the user who originally reported or requested the incident.
        Change Request drop-down box Where applicable, select the change request you want to associate with the incident.
        Subcategory drop-down box Select the subcategory you want to assign to the incident, for example Antivirus or CPU.
        Incident State drop-down box Select the state of the incident, for example New, In Progress, or On Hold.
        Origin table text box Where applicable, type the name of the origin table associated with the incident.
        On hold reason drop-down box Where applicable, select the reason the initiative is currently on hold, for example Awaiting Caller or Awaiting Vendor.
        Reopen count text box Where applicable, type the number of times the incident has been reopened since it was first created.
        Problem drop-down box Where applicable, select the problem you want to assign to the incident.
        Child Incidents text box Where applicable, type the name of any child incidents you want to associate with the incident.
        Resolved by drop-down box Where applicable, select the user who resolved the incident.
        Assignment Group drop-down box Select the assignment group you want to assign to the incident, for example Incident Management or Problem Analyzers.
        Assigned to drop-down box Select the user to which you want to assign the incident.

    • New findings create task incident on an existing ticket — Every time a finding appears, a task incident gets created on an existing ServiceNow ticket.

      The configuration options on the page update based on your selection.

      1. In the Existing ServiceNow Incident/Problem text box, type the existing ServiceNow incident or problem on which you want task incidents to be created.

      2. Configure the task incident creation options.These can include, but are not limited to:

        Option Description
        Contract drop-down box Where applicable, select the contract you want to associate with the task incident.
        Work notes list drop-down box Where applicable, select the work notes list you want to associate with the task incident.
        Priority drop-down box Select the priority you want to assign to the task incident, for example, Low or High.
        Reassignment count text box Where applicable, type the number of times the task incident has been reassigned since it was first created.
        Task type drop-down box Select the type you want to assign to the task incident.
        Assignment Group drop-down box Select the assignment group you want to assign to the task incident, for example Incident Management or Problem Analyzers.
        Due Date text box Type the date at which the work for the task incident is due. Optionally, click the button and select a date from the calendar.
        Approval drop-down box Select the approval required for the task incident.
        Expected Start text box Type the date at which the work for the task incident is expected to start. Optionally, click the button and select a date from the calendar.

  6. Click Create Ticket.

    Tenable Exposure Management creates the incident within ServiceNow based on the selected finding data. It can take up to 10 minutes to see the updated ticket information in both Tenable Exposure Management and ServiceNow.