ServiceNow

ServiceNow


[This feature is only available for Corporate version users]

This is a feature that allows you to send vulnerabilities from Faraday to ServiceNow as an incident (using ServiceNow's Incident table). 

Send vulnerability to ServiceNow

To send vulnerabilities to ServiceNow, go into our Status Report, select the desired vulnerabilities, click on the Tools button and then click on the ServiceNow option. 
Keep in mind that only confirmed vulnerabilities can be sent.



Send To ServiceNow

Once the ServiceNow dialog opens, you have two options:

  1. You can use the default data saved in the Ticketing Tools section of Settings (see Save ServiceNow's Configuration for more information):


  1. You can overwrite ServiceNow default data by clicking on the checkbox button and then manually input your ServiceNow credentials. Then click OK:



Issuetracker

Once the vulnerability has been sent to ServiceNow, add the column issuetracker so you can see a link that will lead you to the incident in ServiceNow.



Issuetracker's JSON

We added the issuetracker_json field which, if you’re using our ServiceNow integration, will give you details about the issue you created from Faraday to your ticketing instance. You can also use this field on your Executive Reports, and can render either the URL of your issue or just the ID for it.

Sending vulnerability’s evidence

You can send the vulnerability’s evidence to ServiceNow. The evidence will be sent as an incident’s attachments. Keep in mind the following considerations:
  1. You should have the right permissions to add attachments to an incident.
  2. The attachment size allowed by your ServiceNow\'s instance must be greater than the size of the attachment that you want to send.

Save ServiceNow's Configuration

To save ServiceNow's configuration, go to Settings:

 

Then go to the Ticketing Tools section:



URL

Use this field to save the URL of the ServiceNow's instance where you want the vulnerability to be sent.

Incident's configuration

In the Incident's Configuration section, you can set the way you want the vulnerabilities to be parsed as ServiceNow’s incident. You can set the incident’s category and subcategory in which the vulnerabilities will be sent or you can even use Jinja2 syntax to create your own templates to parse the vulnerabilities’ information and use these templates as the incident’s description in ServiceNow.

Incident’s category and subcategory

In these dropdown menus, you can set the category and the subcategory of the incident. Once you send the vulnerability to ServiceNow, you’ll see the same category and subcategory that you defined in Faraday. To check which category and subcategory you can choose, take a look at the following ServiceNow’s link.

Template

The template's name where you'll define the incident’s description. You can call any attribute of the vulnerability object using Jinja2 syntax. E.g., if you want your incident in ServiceNow to have as description the target, the hostnames, and the severity of the vulnerability, the template would be as follows:

  1. Target: {{target}}
  2. Hostnames:
  3. {%for hostname in hostnames%}
  4.     - {{hostname}}
  5. {%endfor%}
  6. Severity: {{severity}}

This template must be located inside the folder /home/faraday/.faraday/integrations_templates/.




    Still looking for answers? You can try opening a ticket.
      • Related Articles

      • Settings

        In order to make Faraday's usage smoother, we have created the Settings section. Here, you can create new Custom Fields and edit Ticketing Tools configuration. To go into Settings, click on User's menu and then click on Settings: As you can see, for ...