ServiceNow
SailPoint Entro has an integration into ServiceNow via SailPoint Entro's Webhook mechanism and SNOW's Scripted REST APIs module.
By integrating SailPoint Entro into your SNOW via our Webhook mechanism you will be able to receive new and updated risks data.
-
Head over to Scripted REST APIs as shown below

-
Create a new API by clicking on New
-
Fill in the Name and API ID, for example, as shown below
-
The API ID will be used as the root of your endpoint

-
-
Head over to the newly created API endpoint
- Under the Resources tab click New
-
Modify the following details and create the resource
-
Active: Toggled
-
Name: as selected, for example, webhook
-
HTTP Method: POST
-
Path: Leave / for default resource path or add a custom path
- In our example the path is /webhook
-
Script: The script is the most important requirement. It is written in JavaScript and utilizes ServiceNow’s capabilities. An example script is attached at the end of this document.
The webhook is now ready to use -
-

Test
Test your webhook by sending a POST request to -
Notes:
- If “Requires authentication” was marked, then you will need to apply the necessary headers when configuring the webhook on SailPoint Entro's Platform
- More information about ServiceNow’s Scripted REST APIs can be found here.
Example Scripts
Both scripts utilize ServiceNow's GlideRecord. More about GlideRecord can be found here.
Incident Management
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
var requestBody = request.body.data;
var riskType = 'createdRisk';
if (requestBody.hasOwnProperty('updatedRisk')) {
riskType = 'updatedRisk';
} else if (requestBody.hasOwnProperty('updatedRiskSeverity')) {
riskType = 'updatedRiskSeverity';
}
var jsonData = requestBody[riskType];
var incident = new GlideRecord('incident'); // Create an incident record
incident.initialize();
incident.short_description = (jsonData.name || 'No description provided');
incident.description = JSON.stringify(jsonData, null, 2);
if (jsonData.hasOwnProperty('guid')) { // Custom field for the RISK GUID
incident.u_guid = jsonData.guid;
}
switch (jsonData.severity) { // Incident priority based on severity
case 'HIGH':
incident.priority = 1;
break;
case 'MEDIUM':
incident.priority = 2;
break;
case 'LOW':
incident.priority = 3;
break;
default:
incident.priority = 4;
}
incident.insert();
response.setStatus(200);
response.setBody({status: 'Webhook received and incident created'});
})(request, response);
VR - Vulnerability Response
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
var requestBody = request.body ? request.body.data : null;
if (!requestBody || Object.keys(requestBody).length === 0) {
response.setStatus(400); // Bad Request
response.setBody({ status: 'Error', message: 'No data found in the request body' });
return;
}
var riskType = 'createdRisk';
if (requestBody.hasOwnProperty('updatedRisk')) {
riskType = 'updatedRisk';
} else if (requestBody.hasOwnProperty('updatedRiskSeverity')) {
riskType = 'updatedRiskSeverity';
}
var jsonData = requestBody[riskType];
var vulItem = new GlideRecord('sn_vul_app_vulnerable_item'); // Create a record in the App Vulnerable Item table
vulItem.initialize();
// Map JSON fields to the table's columns
vulItem.short_description = jsonData.name || 'No description provided'; // Short description
vulItem.technical_details = JSON.stringify(jsonData, null, 2); // Full JSON data to technical_details
vulItem.sys_created_by = 'Entro Security'; // Hardcoded creator
// Map severity to risk_score
if (jsonData.hasOwnProperty('severity')) {
switch (jsonData.severity) {
case 'HIGH':
vulItem.risk_score = 1; // High severity risk score
break;
case 'MEDIUM':
vulItem.risk_score = 2; // Medium severity risk score
break;
case 'LOW':
vulItem.risk_score = 3; // Low severity risk score
break;
default:
vulItem.risk_score = 5; // Default risk score
}
}
// Map 'location' from 'path' if provided
if (jsonData.hasOwnProperty('path')) {
vulItem.location = jsonData.path;
}
// Optional mapping for 'source' field if present
if (jsonData.hasOwnProperty('source')) {
vulItem.source = jsonData.source;
}
// Insert the record into the App Vulnerable Item table
vulItem.insert();
// Send a success response
response.setStatus(200);
response.setBody({ status: 'Webhook received and app vulnerable item record created' });
})(request, response);