TOC & Recently Viewed

Recently Viewed Topics

Before You Begin

You must complete the following steps before you can use the Tenable for ServiceNow application.

In ServiceNow

Tenable suggests you work with your internal ServiceNow Administrator or ServiceNow Consultant to help setup the apps and to follow ServiceNow’s process for development which uses a develop > test > production model:

  • Install your development instance.
  • Create any modifications using update sets.
  • Install the applications on a test environment and promote those update set changes for QA.
  • Once QA has approved the changes, install in the Tenable apps on a production environment and apply the update sets. Depending on your development team, you may need to activate the connectors and import jobs.

ServiceNow MID Server

The ServiceNow MID Server application facilitates communication and movement of data between the platform and external applications, data sources, and services. There can be several MID servers in an environment with some dedicated for development/testing and others dedicated to production. If your Tenable.sc resides behind a firewall on your internal network, you must use the MID server to access its data.

ServiceNow Scoped Application

Application scoping protects applications by identifying and restricting access to application files and data. For more information, see https://docs.servicenow.com/bundle/madrid-application-development/page/build/applications/concept/c_ApplicationScope.html#c_ApplicationScope.

Enabling the Application picker under the developer tab in the ServiceNow UI configuration menu simplifies the Tenable for ServiceNow application configuration. For more information, see https://docs.servicenow.com/bundle/madrid-platform-user-interface/page/administer/navigation-and-ui/reference/r_UI16BannerFrame.html

In Tenable

Tenable suggests creating individual ServiceNow users in Tenable.io/Tenable.sc for each of the instances. This can help prevent user request/api collisions of data.

Examples:

  • sn_dev
  • sn_test
  • sn_prod

By segmenting the users you can also limit the amount of data used in your development and test environments. In Tenable.io, you can set up an Access Group and limit the data to specific assets to simplify the import and testing of data. In Tenable.sc, you can create a query that limits the data presented to the development and test users. To determine the best dataset to use for your development and test environments, speak with your Tenable administrator. They can also help you ensure ServiceNow displays the best data by setting up appropriate scan cadences.

Create Tenable.io API keys

Note: You must create unique API keys for use with ServiceNow.

  1. Log in to Tenable.io.
  2. Create administrator accounts (e.g. development, test, production) dedicated for use with ServiceNow. These accounts are used by ServiceNow to connect to Tenable.io to retrieve asset data.
  3. Generate API Keys and save them for use with ServiceNow.
  4. Navigate to SettingsAccess Groups.
  5. Click the All Assets group.
  6. Do one of the following:
    • If the All Users toggle is enabled, do nothing.
    • If the All Users toggle is disabled:
      1. Click the + button.
      2. Add the ServiceNow users you created in step 2.

Create Tenable.sc API Users

Note: You must create unique API users for use with ServiceNow.

  1. Log in to Tenable.sc.
  2. Create security manager accounts (e.g. development, test, production) with full access dedicated for use with ServiceNow. These accounts are used by ServiceNow to connect to Tenable.sc to retrieve asset data.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.