Skip to main content

ServiceNow Generic Feed

This Integration is part of the ServiceNow Generic Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This is a feed integration for extracting indicators from ServiceNow.

Configure ServiceNow Generic Feed in Cortex#

ParameterDescriptionRequired
Server URLThe format should be https://company.service-now.com/True
Use OAuth LoginSelect this checkbox if to use OAuth 2.0 authentication. See (?) for more information.False
Use JWT AuthenticationSelect this checkbox to use JWT authentication. See (?) for more information.False
PasswordTrue
Source ReliabilityReliability of the source providing the intelligence data.False
Trust any certificate (not secure)False
Use system proxy settingsFalse
Fetch indicatorsTrue
Indicator VerdictIndicators from this integration instance will be marked with this verdictFalse
Source ReliabilityReliability of the source providing the intelligence dataTrue
Feed Expiration PolicyFalse
Feed Fetch IntervalFalse
Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False
TagsThe tag applied to the indicator when being forwarded into the TIMFalse
Query URLThe API route of the requested information in ServiceNowTrue
Indicator FieldThe field needed from the ServiceNow response which contains the indicator valueTrue

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

snow-get-indicators#


Retrieve indicators from ServiceNow.

Base Command#

snow-get-indicators

Input#

Argument NameDescriptionRequired
limitThe number of indicators that can be returned. Default is 1.Optional

Context Output#

There is no context output for this command.