Create a ServiceNow Ticket

Required User Role: Basic User, Scan Operator, Standard User, Scan Manager, Administrator, or Custom Role

Important: The following feature is only available for customers using the Ratio-Based Tenable One or Tenable One Advanced licensing packages. For more information, see Tenable One Foundation / Tenable One Advanced Licensing in the Tenable Licensing Quick Reference Guide.

Within Tenable Exposure Management, you can create tickets based on findings directly from the Findings page. These tickets help you to address vulnerabilities in your environment and ensure work items for vulnerability findings are being created and assigned quickly and effectively.

Tip: For more information about working with ServiceNow in Tenable Exposure Management, including additional resources and frequently asked questions, see the Mobilization Quick-Reference Guide.

Prerequisites

Before you create ServiceNow incidents via Tenable products, you must:

Have a ServiceNow administrator user with the following roles:

ServiceNow Permission	Custom Context	ServiceNow Documentation
canvas_user	Primarily associated with accessing and viewing Configurable Workspaces and pages built with UI Builder. This role provides the necessary permissions to render and interact with the visual structure (the "canvas") of the ServiceNow user interfaces.	Document Intelligence Roles
cmdb_inst_admin	Grants administrative rights specifically for configuring and managing CMDB data integration processes.	Exploring SGC Central
connection_admin	A specialized administrative role focused on managing the security and configuration of external system connections.	Create a Connection Administrator

ServiceNow Permission

Custom Context

ServiceNow Documentation

canvas_user

Primarily associated with accessing and viewing Configurable Workspaces and pages built with UI Builder.

This role provides the necessary permissions to render and interact with the visual structure (the "canvas") of the ServiceNow user interfaces.

Document Intelligence Roles

cmdb_inst_admin

Grants administrative rights specifically for configuring and managing CMDB data integration processes.

Exploring SGC Central

connection_admin

A specialized administrative role focused on managing the security and configuration of external system connections.

Create a Connection Administrator

Perform the following steps to support ServiceNow tags:
1. In ServiceNow, in the upper-right corner, access the user menu.
2. Select Elevate role.
  
  The Elevate role window appears.
3. Select the security_admin check box.
4. Click Update.
5. Add the admin & maint roles to both the label_entry.table and label_entry.table_key write operation ACL records.
Perform the steps to configure ServiceNow for use with the Tenable One Platform.

Note: The Integration Service Account only needs these roles to function: itil or incident_manager to create/update incidents and rest_service for API access.

Create a Ticket

To create a ServiceNow ticket based off of a finding:

In Tenable Exposure Management, access the Findings view.
In the findings list, select the check box next to each finding you want to include in the ticket.
In the upper-right corner of the page, click Take Action.

A drop-down menu appears.
Click Create ServiceNow Ticket.

The Open a ServiceNow Ticket page appears.

Configure the following options:

Option	Description
Aggregation Behavior	Select one of these two options: Create a new incident for each finding Every time a finding appears, a new incident gets created in ServiceNow. New findings create subtasks on an existing incident Every time a finding appears, a child incident gets created on an existing ServiceNow incident.
Parent Incident (optional)	Select the existing ServiceNow incident from the drop-down list. Note: You see this option only if you choose New findings create child incidents on an existing incident.
Caller	The user who originally reported or requested the issue.
Assignment Group	The team or group responsible for managing and resolving the ticket.
Assignee	The individual user currently responsible for resolving the ticket.
Category	A high-level classification of the issue or request, for example, Hardware, Network, Software.
Subcategory	A more detailed breakdown within the selected Category, for example, Laptop, Wireless, OS.
Impact	The measured effect this issue has on the business process or service. Values are Default, High, Medium or Low. Note: Set this to Default to allow the finding severity to set the impact based on your ServiceNow instance configuration. See Configure ServiceNow. You can override it here.
Urgency	The speed required to resolve the issue, based on business needs. Values are Default, High, Medium or Low. Note: Set this to Default to allow the urgency to be set by the finding severity based on your ServiceNow instance configuration. See Configure ServiceNow. You can override it here.
Tags	Any tags or labels you want to apply to the incident.
Short Description	This value is appended to the name of the finding.
Description	Additional descriptive information for this incident.

Click Create Ticket.

Tenable Exposure Management creates the incident within ServiceNow based on the selected finding data. It can take up to 10 minutes to see the updated ticket information in both Tenable Exposure Management and ServiceNow.