Webhooks and ServiceNow Incidents
A Webhook is an HTTP request that is triggered when an event occurs. The event Webhooks allow you to send edgescan data to other applications.
An event is an unplanned security-related interruption that has occurred in your organisation. This is reported in ServiceNow via an event, ITSM incident, or security incident.
Before setting up the integration, check with your ServiceNow account manager that your organisation has a subscription for Event Management. To create security incidents in ServiceNow this plugin is required.
Create a ServiceNow Authentication Header
Retrieve your Service Now username and password.
In order to use basic authentication details in the header you must encode the username and password.
If the username is
Patrick and the password is
Security123 then base64 encode them using the command:
echo -n "Patrick:Security123" | base64
The result is
UGF0cmljazpTZWN1cml0eTEyMw==, then the authentication header will be:
Setup ServiceNow Event Webhook
On edgescan navigate to the events page by going to
Account/Settings -> Events.
Create a new event and give it an appropriate name.
In the first drop down select the event you want e.g.
Trigger a webhook event.
Enter the URL for the required ServiceNow table endpoint, usually:
- ITSM Incident:
- Security Incident:
Ensure the HTTP method is
Add the authentication header from the above section.
Select the correct payload to match the endpoint entered:
- JSON – ServiceNow: Event
- JSON – ServiceNow: Incident
- JSON – ServiceNow: Security Incident
The ‘Send a separate request for each item’ checkbox will create a new Security Incident ticket for each vulnerability when checked, otherwise it will create one ticket with many vulnerability details.
Save the event, and you’re all set up!
You can test that it is working by using the
Test -> Notification button in the top right