Skip to content

ServiceNow

SailPoint Entro has an integration into ServiceNow via SailPoint Entro's Webhook mechanism and SNOW's Scripted REST APIs module.

By integrating SailPoint Entro into your SNOW via our Webhook mechanism you will be able to receive new and updated risks data.

  1. Head over to Scripted REST APIs as shown below

  2. Create a new API by clicking on New

  3. Fill in the Name and API ID, for example, as shown below

    1. The API ID will be used as the root of your endpoint

  4. Head over to the newly created API endpoint

  5. Under the Resources tab click New
  6. Modify the following details and create the resource

    1. Active: Toggled

    2. Name: as selected, for example, webhook

    3. HTTP Method: POST

    4. Path: Leave / for default resource path or add a custom path

      1. In our example the path is /webhook
    5. Script: The script is the most important requirement. It is written in JavaScript and utilizes ServiceNow’s capabilities. An example script is attached at the end of this document.

    The webhook is now ready to use -

Test

Test your webhook by sending a POST request to -

curl -X POST https://service-now-domain.com/api/snc/entro_webhook_api/webook

Notes:

  1. If “Requires authentication” was marked, then you will need to apply the necessary headers when configuring the webhook on SailPoint Entro's Platform
  2. More information about ServiceNow’s Scripted REST APIs can be found here.

Example Scripts

Both scripts utilize ServiceNow's GlideRecord. More about GlideRecord can be found here.

Incident Management

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
   var requestBody = request.body.data;
   var riskType = 'createdRisk';
    if (requestBody.hasOwnProperty('updatedRisk')) {
       riskType = 'updatedRisk';
   } else if (requestBody.hasOwnProperty('updatedRiskSeverity')) {
       riskType = 'updatedRiskSeverity';
   }
   var jsonData = requestBody[riskType];
   var incident = new GlideRecord('incident'); // Create an incident record
   incident.initialize();
   incident.short_description = (jsonData.name || 'No description provided');
   incident.description = JSON.stringify(jsonData, null, 2);
   if (jsonData.hasOwnProperty('guid')) { // Custom field for the RISK GUID
       incident.u_guid = jsonData.guid;
   }
   switch (jsonData.severity) { // Incident priority based on severity
       case 'HIGH':
           incident.priority = 1;
           break;
       case 'MEDIUM':
           incident.priority = 2;
           break;
       case 'LOW':
           incident.priority = 3;
           break;
       default:
           incident.priority = 4;
   }
   incident.insert();
   response.setStatus(200);
   response.setBody({status: 'Webhook received and incident created'});
})(request, response);

VR - Vulnerability Response

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var requestBody = request.body ? request.body.data : null;

    if (!requestBody || Object.keys(requestBody).length === 0) {
        response.setStatus(400); // Bad Request
        response.setBody({ status: 'Error', message: 'No data found in the request body' });
        return;
    }

    var riskType = 'createdRisk';
    if (requestBody.hasOwnProperty('updatedRisk')) {
        riskType = 'updatedRisk';
    } else if (requestBody.hasOwnProperty('updatedRiskSeverity')) {
        riskType = 'updatedRiskSeverity';
    }

    var jsonData = requestBody[riskType];
    var vulItem = new GlideRecord('sn_vul_app_vulnerable_item'); // Create a record in the App Vulnerable Item table
    vulItem.initialize();

    // Map JSON fields to the table's columns
    vulItem.short_description = jsonData.name || 'No description provided'; // Short description
    vulItem.technical_details = JSON.stringify(jsonData, null, 2); // Full JSON data to technical_details
    vulItem.sys_created_by = 'Entro Security'; // Hardcoded creator

    // Map severity to risk_score
    if (jsonData.hasOwnProperty('severity')) {
        switch (jsonData.severity) {
            case 'HIGH':
                vulItem.risk_score = 1; // High severity risk score
                break;
            case 'MEDIUM':
                vulItem.risk_score = 2; // Medium severity risk score
                break;
            case 'LOW':
                vulItem.risk_score = 3; // Low severity risk score
                break;
            default:
                vulItem.risk_score = 5; // Default risk score
        }
    }

    // Map 'location' from 'path' if provided
    if (jsonData.hasOwnProperty('path')) {
        vulItem.location = jsonData.path;
    }

    // Optional mapping for 'source' field if present
    if (jsonData.hasOwnProperty('source')) {
        vulItem.source = jsonData.source;
    }

    // Insert the record into the App Vulnerable Item table
    vulItem.insert();

    // Send a success response
    response.setStatus(200);
    response.setBody({ status: 'Webhook received and app vulnerable item record created' });
})(request, response);