Configure ServiceNow

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.

Required User Role: Administrator

Before you create ServiceNow incidents within Tenable Vulnerability Management, you must configure your ServiceNow account.

Prerequisites

Before you begin, you must have the following:

  • A ServiceNow administrator user with the following roles:

    | ServiceNow Permission | Custom Context | Atlassian Documentation |
    |---|---|---|
    | canvas_user | Primarily associated with accessing and viewing Configurable Workspaces and pages built with UI Builder. This role provides the necessary permissions to render and interact with the visual structure (the "canvas") of the ServiceNow user interfaces. | Document Intelligence Roles |
    | cmdb_inst_admin | Grants administrative rights specifically for configuring and managing CMDB data integration processes. | Exploring SGC Central |
    | connection_admin | A specialized administrative role focused on managing the security and configuration of external system connections. | Create a Connection Administrator |

For more information about creating a ServiceNow user, see Create a User in the Tenable for ServiceNow Integration Guide.

To configure ServiceNow to support ServiceNow incident creation in Exposure Response:

  1. In the left navigation, click Settings.

    The Settings page appears.

  2. Click the ServiceNow tile.  

    The ServiceNow connector page appears.

  3. Configure your ServiceNow credentials:

    | Option | Description |
    |---|---|
    | Integration Name | Choose your own ServiceNow integration name. |
    | ServiceNow Instance URL | The unique web address for your organization's instance of ServiceNow, typically formatted as https://[your-company-name].service-now.com. |
    | User Name | Your ServiceNow User ID. |
    | Password | Your ServiceNow password associated with the User ID. |

  4. To test the connection, click Connect.

    Once Tenable validates the integration connectivity, a Connection was Successful notification appears.

  5. Configure the following default values for synchronizing ServiceNow Incident Priorities and Incident States:

    Warning: ServiceNow business rules can alter any field on a record, including Incident Priorities and Incident States, after Tenable Vulnerability Management sends the data. These rules may override the custom mapping you configure in this section.
    • Sync Incident Priorities

      1. Select one of the following:

        • Do Not Sync

        • Sync Using Custom Mapping — If you use a custom mapping, use the following guidelines:

          | Finding Severity | ServiceNow Incident Impact | ServiceNow Incident Urgency | Resulting ServiceNow Priority | Customer Context |
          |---|---|---|---|---|
          | Critical | High | High | P1 (Critical) | Immediate, business-impacting risk. Typically requires emergency patching or immediate action. |
          | High | High | Medium | P2 (High) | Confirmed vulnerability with high CVSS/VPR; requires aggressive patching as per SLA. |
          | Medium | Medium | Medium | P3 (Moderate) | Standard vulnerability management queue. Addresses moderate risk findings. |
          | Low | Low | Low | P4 (Low) | Non-critical finding, typically addressed during regular maintenance cycles. |
          | Info | Low | Low | P5 (Informational) | Excluded from most standard patching SLAs. For situational awareness or future planning. |
    • Sync Incident State

      1. Select one of the following:

        • Do Not Sync

        • Sync Using Custom Mapping — If you use a custom mapping, use the following guidelines:

          | Tenable Vulnerability Management Finding State | ServiceNow Incident State |
          |---|---|
          | New, Active, Resurfaced | New, In Progress |
          | Fixed | Resolved, Closed |
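
The warning in this procedure notes that ServiceNow business rules can change Incident Priorities and Incident States after Tenable Vulnerability Management sends them. The following added example (not Tenable or ServiceNow code) audits incidents against the two guideline mappings on this page and reports fields that no longer match; the record layout and the sample incidents are constructed for illustration.

```python
# Expected values come from the guideline tables on this page. The record
# layout (FIELDS) is a hypothetical export format, not a Tenable or
# ServiceNow schema; adapt it to however you join findings to incidents.

# Finding severity -> (impact, urgency, resulting priority)
PRIORITY_MAP = {
    "Critical": ("High", "High", "P1"),
    "High": ("High", "Medium", "P2"),
    "Medium": ("Medium", "Medium", "P3"),
    "Low": ("Low", "Low", "P4"),
    "Info": ("Low", "Low", "P5"),
}
# Finding state -> incident states the guideline allows
STATE_MAP = {
    "New": {"New", "In Progress"},
    "Active": {"New", "In Progress"},
    "Resurfaced": {"New", "In Progress"},
    "Fixed": {"Resolved", "Closed"},
}

def audit(records):
    """Return (incident, field, expected, actual) for each field that drifted."""
    drift = []
    for rec in records:
        expected = PRIORITY_MAP.get(rec["finding_severity"])
        if expected is None:  # severity outside the table: report, don't guess
            drift.append((rec["number"], "finding_severity", "unmapped", rec["finding_severity"]))
        else:
            for field, want in zip(("impact", "urgency", "priority"), expected):
                if rec[field] != want:
                    drift.append((rec["number"], field, want, rec[field]))
        allowed = STATE_MAP.get(rec["finding_state"], set())
        if rec["state"] not in allowed:
            drift.append((rec["number"], "state", "/".join(sorted(allowed)) or "unmapped", rec["state"]))
    return drift

FIELDS = ("number", "finding_severity", "finding_state", "impact", "urgency", "priority", "state")
# Constructed sample incidents, not real data.
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("INC0000001", "Critical", "Active", "High", "High", "P1", "In Progress"),
    ("INC0000002", "Critical", "New", "High", "Low", "P3", "New"),  # urgency lowered
    ("INC0000003", "Medium", "Fixed", "Medium", "Medium", "P3", "In Progress"),  # reopened
    ("INC0000004", "Info", "Resurfaced", "Low", "Low", "P5", "New"),
]]

if __name__ == "__main__":
    for number, field, want, got in audit(SAMPLE):
        print(f"{number}: {field} expected {want}, found {got}")
```

Each reported row points to an incident where a business rule or manual edit changed a synced field, which is the place to check before relying on priority-based SLAs.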