axonius logo

Webhooks and ServiceNow Incidents

A Webhook is an HTTP request that is triggered when an event occurs. The event Webhooks allow you to send edgescan data to other applications.

An event is an unplanned security-related interruption that has occurred in your organisation. This is reported in ServiceNow via an event, ITSM incident, or security incident.

Before setting up the integration, check with your ServiceNow account manager that your organisation has a subscription for Event Management. To create security incidents in ServiceNow this plugin is required.

Create a ServiceNow Authentication Header

Retrieve your Service Now username and password.

In order to use basic authentication details in the header you must encode the username and password.

If the username is Patrick and the password is Security123 then base64 encode them using the command:

echo -n "Patrick:Security123" | base64

The result is UGF0cmljazpTZWN1cml0eTEyMw==, then the authentication header will be:

Authorization:Basic UGF0cmljazpTZWN1cml0eTEyMw==

Setup ServiceNow Event Webhook

On edgescan navigate to the events page by going to Account/Settings -> Events.

Create a new event and give it an appropriate name.

In the first drop down select the event you want e.g. vulnerability opened.

Enable the Trigger a webhook event.

Enter the URL for the required ServiceNow table endpoint, usually:

  • Event: https://<YOUR_INSTANCE>.service-now.com/api/now/table/em_event

  • ITSM Incident: https://<YOUR_INSTANCE>.service-now.com/api/now/table/incident

  • Security Incident: https://<YOUR_INSTANCE>.service-now.com/api/now/table/sn_si_incident

Ensure the HTTP method is POST.

Add the authentication header from the above section.

Select the correct payload to match the endpoint entered:

  • JSON – ServiceNow: Event

  • JSON – ServiceNow: Incident

  • JSON – ServiceNow: Security Incident

The ‘Send a separate request for each item’ checkbox will create a new Security Incident ticket for each vulnerability when checked, otherwise it will create one ticket with many vulnerability details.

Save the event, and you’re all set up!

You can test that it is working by using the Test -> Notification button in the top right