ServiceNow
  • 18 Jun 2024
  • 27 Minutes to read
  • Dark
    Light
  • PDF

ServiceNow

  • Dark
    Light
  • PDF

Article summary

ServiceNow provides service management software as a service, including IT services management (ITSM), IT operations management (ITOM), and IT business management (ITBM).

AttributesCybersecurity Asset ManagementSaaS Management
Service Account Required?NoYes
Service Account PermissionsRead permissions for all records of the tables sysevent_script_action, sys_email_filter, sys_dictionary, sys_properties password_policy, syslog_transaction, sysevent_script_action, v_plugins and sys_user
Required Adapter FieldsServiceNow DomainServiceNow Domain, User Name and Password, Multi-factor Authentication

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • SaaS data


About ServiceNow

Use cases the adapter solves

An accurate Configuration Management Database (CMDB) is crucial for your ITSM program. It can often be a single source of truth for tracking and managing IT assets. Axonius will collect data across multiple different adapters to perform CMDB Reconciliation and Maintenance.

Data retrieved by ServiceNow
The data retrieved from ServiceNow is highly customizable as each deployment can vary greatly. By default, Axonius will connect to the following tables and their child tables (tables can be added or removed with the adapter settings).

  • cmdb_ci_computer
  • cmdb_ci_vm
  • cmdb_ci_vm_instance
  • cmdb_ci_printer
  • cmdb_ci_netgear
  • u_cmdb_ci_computer_atm
  • cmdb_ci_comm
  • cmdb_ci_cluster
  • cmdb_ci_cluster_vip
  • cmdb_ci_facility_hardware
  • cmdb_ci_msd

Axonius will connect to the user tables to fetch user information if enabled.

Enforcements

To properly reconcile and maintain the ServiceNow CMDB, Axonius has Enforcement Center actions to create and update devices in ServiceNow. Furthermore, Axonius can also create ServiceNow incidents based on device or user data in Axonius. This can be helpful when devices require manual intervention or when user accounts require updates.


Parameters

The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Cybersecurity Asset Management and/or SaaS Management capabilities.

General

  • ServiceNow Domain (required) - The hostname or IP address of the ServiceNow server. This field format is 'https://[instance].service-now.com'.

  • User Name and Password (optional) - The credentials for a user account that has the Required Permissions to fetch assets.

  • Client ID and Client Secret (optional) - The OAuth Client ID and Client Secret for OAuth access to ServiceNow. Refer to OAuth 2.0 with Inbound REST for full details on how to obtain the OAuth Token.

  • Refresh Token - When using the OAuth method of authentication, enter the value of the Refresh Token issued by a ServiceNow instance.

  • Verify SSL - Select to verify the SSL certificate offered by the value supplied in ServiceNow Domain. For more details, see SSL Trust & CA Settings.

  • HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in ServiceNow Domain.

  • Fetch users updated in ServiceNow in the last X hours (0: All) (optional, default: 0) - Enter an amount of hours to fetch only users that have been updated in ServiceNow in the last specified number of hours.

  • Fetch users created in ServiceNow in the last X hours (0: All) (optional, default: 0) - Enter an amount of hours to fetch only users that have been created in ServiceNow in the last specified number of hours.

  • Advanced configuration file (optional) - Upload an advanced configuration JSON file.

  • Enable Client Side Certificate - Select to enable Axonius to send requests using the certificates uploaded to allow Mutual TLS configuration for this adapter. When you select this option, 2 more fields are displayed:

  • Client Certificate File (.pem) - Adds a client side certificate to the connection.

  • Client Private Key File (.pem) - Adds a private key to the connection (if the API/proxy requires identification).

    TLSonAdapter.png

    • Click Choose file next to Client Private Key File to upload a client private key file in PEM format
    • Click Choose file next to Client Certificate File to upload a public key file in PEM format

Cybersecurity Asset Management

  • Fetch devices updated in ServiceNow in the last X hours (0: All) (optional, default: 0) - Enter an amount of hours to fetch only devices that have been updated in ServiceNow in the last specified number of hours.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

ServiceNow Adapter

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

General

  1. Fetch from the following Read Replica category (Must be supported on instance) (optional) - Specify the name of a 'Read Replica' of the 'Operational' database to remove the load from the main database. The value must be an existing 'Read Replica Category' within ServiceNow. This depends on configuration in ServiceNow.

    • When supplied, this adapter will fetch all data from the replica ServiceNow database instead of from the main database.
  2. Use the following field when filtering last updated (optional) - Enter a ServiceNow field name to be used as the field that Axonius filters by for the following configurations Fetch devices updated in ServiceNow in the last X hours and
    Fetch users updated in ServiceNow in the last X hours

    • If a field is set, this adapter will fetch devices or users which have the set field that was updated in the time defined.
    • When not supplied, this adapter will fetch devices or users which were last updated according to the ‘sys_updated_on’ ServiceNow field.
  3. Additional user table names (optional) - Enter one or more ServiceNow table names separated by commas from which Axonius will fetch entries and parse them into users. Table names should be of the format 'cmdb_ci_my_linux_server'

    • You can use this setting in 2 ways:

    A list of tables to fetch in addition to the built-in tables. In this case the format should be table_name(, table_name). When the table names are separated by commas.
    or
    A list of tables with filters. In this case the format should be (table_name(:sysparm_query)(;table_na…)), when sysparm_query is a ServiceNow query with ServiceNow operators as defined in Operators available for filters and queries and each table name together with a query (filter) is separated by a semicolon. (Fields in brackets are optional parameters)

    • When supplied, this adapter will fetch data from all of the additional tables listed, make them into users, then proceed with fetching the default hardcoded subset of tables Axonius usually fetches from. The tables listed in this field take precedence over the default ServiceNow tables queried by Axonius, a Ci fetched from these tables will now be totally ignored as redundant in the later “default” fetching process.
    • When not supplied, this adapter will not fetch data from any additional tables.
Note

The settings here for filters on the table names listed in this field apply exclusively to the list of tables in this field. Other advanced settings that you make do not serve as filters to the table names listed in this field.

For example: if Additional device table names==cmdb_ci_ip_switch:install_statusIN1;cmdb_ci_ip_router:install_statusIN1; and** Install status number exclude list**==2,3,4, then all of the ServiceNow built in user tables will be fetched with excluded of install_status of 2,3,4 and the specific tables in Additional user table names will be an “inclusion” of install_status of 1.

  1. Entries fetched per page (required, default: 500) - Specify the maximum number of entries for this adapter to fetch per page when connecting to the ServiceNow server.

    • The supplied value lets you control the performance of all the connections for this adapter. To reduce the number of requests sent to ServiceNow, but to avoid impact on overall performance, you can reduce the Number of requests to perform in parallel value and increase the Entries fetched per page value.
  2. Date Format - Generally, ServiceNow automatically identifies the date format. In some cases, the identification is ambiguous. You can set a specific date format for timestamps in ServiceNow. From the dropdown, select either: Automatically Identify, DD/MM/YYYY or MM/DD/YYYY. The default is Automatically Identify.

  3. Fetch Portfolio fields from u_ip_portfolio_mapping table - Select this option to fetch Portfolio fields in the u_ip_portfolio_mapping table.

  4. Fetch common cost center details - Select this option to fetch information from the cmn_cost_center table.

  5. Number of requests to perform in parallel (required, default: 50) - Specify the maximum parallel request for this adapter will create when connecting the ServiceNow server.
    This setting lets you control the performance of all the connections for this adapter.

  6. Fetch EC Action ticket updates - Select this option to configure the adapter to fetch updates on tickets created by Axonius users. The updated ticket information is displayed in the Tickets table showing information on all tickets in the system (Assets> Tickets) or on Tickets of a specific asset (in the Asset Profile of the relevant asset).

Cybersecurity Asset Management

  1. Fetch Devices - Select this option to allow Axonius to fetch devices from ServiceNow.

  2. Fetch Databases As Assets - Enter a (comma separated) list of tables. Axonius fetches the records from those table and parses them as database entities.

  3. Resolve Username based only on name field - Select this option so that the Username field in Axonius will display the value of the name field in the ServiceNow record.

  4. Fetch roles for users - Select this option to fetch the roles used by each user.

  5. Fetch last user transaction from syslog_transaction table - Select this option to fetch and parse the latest transaction (from syslog_transaction table) for each ServiceNow user, to the field “Last Transaction”.

  6. Fetch only cmdb ci computer table - Select this option for this adapter to attempt to fetch data specifically from the cmdb_ci_computer table.

  7. Use 'cmdb_ci' table instead of 'alm_asset' table for install status

    • If enabled, this adapter will collect the Install Status from the 'cmdb_ci' table.
    • If disabled, this adapter will collect the Install Status from the 'alm_asset' table.
  8. Users Email include list (optional) - Specify a comma-separated list of user emails to only fetch users whose emails contain any of the comma-separated list of user emails that have been defined in this field. (Note that the emails defined don't have to be full email addresses since Contains is used).

  9. Use dns_domain field as hostname - Select this option to to take the hostname value from the dns_domain ServiceNow field value (instead of from the name).

  10. Use asset_tag field as hostname - Select this option to take the hostname value from the asset_tag servicenow field value (instead of from the name).

  11. Remove domain suffix from hostname field - Select this option to remove the domain suffix from the ServiceNow Hostname field.

  12. Fetch NIC information from 'cmdb_ci_network_adapter' table (required, default: True) - If enabled, this adapter will fetch network interface information from the cmdb_ci_network_adapter table and from the matching cmdb_ci_ip_address table.

  13. Fetch only discovered NICs with IP information from 'cmdb_ci_network_adapter' table (optional) - Select whether to fetch network interface information from the cmdb_ci_network_adapter table that has an IP address.

  14. Fetch Software package information from 'cmdb_sam_sw_install'/'cmdb_software_instance' table - Select this option to fetch software package information from the ''cmdb_sam_sw_install'/'cmdb_software_instance' table.

  15. Do not use 'Last Seen' for the following tables (optional) -

    • Enter one or more ServiceNow table names separated by commas that will not be filtered by 'Last Seen'. This adapter will fetch all of the data from the specified tables from all dates.
    • To avoid calculating 'Last Seen' for all devices, enter * in the field.
  16. Fetch running processes information from cmdb_running_process table - Select this option to fetch running processes information.

  17. Fetch only parsed fields for users - Enabled to fetch only parsed fields from ServiceNow.

    • If disabled (default setting), fetches all fields from ServiceNow, shows them all in “view advanced” section and parses only the fields required.
  18. Fetch users data (required, default: True) - Select this option to fetch user data and add relevant user fields to the devices (for example: Owner, Assigned To, etc.).
    * The Users table in ServiceNow is a huge table. Therefore, fetching its data requires more time, RAM, and CPU from the adapter's connections.

  19. Create users (required, default: True) - Select this option to allow Axonius to create ServiceNow user entities from the user data fetched from this adapter. Users will be created only if you have checked the Fetch Users Data option.

  20. Fetch only active users - Select this option to fetch only active users.

  21. Use existing user data during device fetching - Select this option to add various user fields to the devices (for example: Owner, Assigned To, etc.) based on the associated Users Assets fields. The Fetch users data option will be ignored.

  22. Do not fetch devices without IP address, MAC address and serial number - Select this option to only collect information on devices if they have an IP address, MAC address, or serial number.

  23. Fetch VPN devices from 'cmdb_ci_vpn' table (required, default: True) - Select this option to fetch VPN devices from 'cmdb_ci_vpn' table.

  24. Fetch IP addresses (required, default: True) - Select this option to collect information on device IP addresses.

  25. Exclude disposed and decommissioned devices - Select this option to not collect information on devices if their status in ServiceNow is 'Disposed' or 'Decommissioned'.

  26. Install status exclude list (optional) - Specify a comma-separated list one or more install statuses to exclude from the fetched data. If supplied, this adapter will not fetch devices from ServiceNow if their install status is in the specified list.

  27. Install status include list (optional) - Specify a comma-separated list of one or more install statuses to include in the fetched data. If supplied, this adapter will only fetch devices from ServiceNow if their install status is in the specified list.

    • The values supplied in this field are applicable only if Install status exclude list is empty.
  28. Operational status exclude list (optional) - Specify a comma-separated list of one or more operational statuses to exclude from the fetched data. If supplied, this adapter will not fetch devices from ServiceNow if their operational status is in the specified list.

  29. Operational status include list (optional) - Specify a comma-separated list of one or more operational statuses to include in the fetched data. If supplied, this adapter will only fetch devices from ServiceNow if their operational status is in the specified list.

    • The values supplied in this field are applicable only if Operational status exclude list is empty.
Note:

In order for the above Install Status and Operational Status Include/exclude fields to work correctly, the Axonius ServiceNow user account must have access to the sys_choice table.

  1. Fetch only virtual devices - Select this option to fetch only virtual device assets from ServiceNow.

  2. Fetch operational status (required, default: True) - Select this option to fetch the operational status of device assets from ServiceNow.

  3. Fetch device relations (required, default: True) - Select this option to fetch the device relations of device assets from ServiceNow.

  4. Exclude VMs tables - Select this option to not collect device assets from tables in ServiceNow that are related to Virtual Machines.

  5. Populate device upstream and downstream fields - Select this option to populate the fields “upstream“ and “downstream“ for devices.

  6. Fetch upstream related Application Services information - Select this option to parse information from the Application Services table (cmdb_ci_service_discovered) of any application service existing in a device upstream relations.

  7. Fetch upstream related Application Services extended information - Select whether to fetch information from the cmdb_ci_service_auto table and additional fields from the cmdb_ci_service_discovered table not fetched by the Fetch upstream related Application Services information parameter.

  8. Fetch Application Services as asset -Select this option to fetch data from the 'z_application_services' table and create an Application Services generic asset.

  9. Fetch upstream related FCI details from u_applications - Select this option to fetch information from u_applications table and enrich devices with it.

  10. Fetch upstream related Certificate information - Select this option to fetch the certificate information of device assets from ServiceNow.

  11. Fetch upstream related Business Application - Select whether to fetch the Business Application information of device assets from ServiceNow.

  12. Fetch Business Application as Asset - Reserved for later use.

  13. Fetch upstream related Application from 'cmdb_ci_appl' table (optional, default: False) - Select to fetch information from the 'cmdb_ci_appl' table about applications related to a device.

  14. Populate Device Company Field with z_support_group_manager_company (optional) - Select this field to populate the Device Company field in the adapter basic view with the “z_support_group_manager_company” data.

  15. Populate the Device Owner based on assigned_to field - Select this option to populate the Axonius owner aggregated field based on the ServiceNow "assigned to" field instead of the "opened by" field.

  16. When company does not exist, use owner as company - If the "company" field value in a device doesn't exist, it will use the device owner as the company value

  17. When hostname does not exist, use asset name as hostname - Select this option to set the asset name as the hostname for the device in ServiceNow if a hostname does not exist.

  18. Use referenced ci field (cmdb_ci) as name and hostname - Select this option so that the device name and hostname field will be identical to the referenced ci name from the cmdb_i field value.

  19. Fetch active compliance policy exceptions Select this option to link 'active' compliance policy exceptions as identified by ServiceNow Governance, Risk and Compliance (GRC) to the respective devices.

  20. Do not fetch devices or users marked as excluded - Select this option to fetch assets that have the u_exclude_from_discovery field set as True in ServiceNow.

    • If disabled, this adapter will fetch all assets from ServiceNow.
    Note:

    As a prerequisite, u_exclude_from_discovery field must be created and defined in ServiceNow as a Boolean field.

  21. RAM from source in GB - Select this option to display the RAM data fetched from ServiceNow in GB memory units instead of MB memory units.

  22. Fetch only IPv4 for devices (exclude IPv6) - Select whether to only fetch IP addresses in IPv4 format for devices. By default Axonius fetches IP addresses both in IPv4 format and IPv6 format.

  23. Fetch model information from 'cmdb_model' (required, default: True) - Enable this setting If the 'model_id' field value is a reference to the cmdb_model table.

    • If enabled, this adapter will use the reference in the 'model_id' field to fetch the device_model and device_manufacturer from the cmdb_model table.
    • If disabled, this adapter will fetch only the value of the 'model_id'.
  24. Fetch active model lifecycle information from 'cmdb_hardware_model_lifecycle' - Select this option to fetch active model lifecycle information from the cmdb_hardware_model_lifecycle table and parse it as a list object named “Model Lifecycle”.

  25. Fetch CI key-values(tags) information from cmdb_key_value table - Select this option to fetch the table cmdb_key_value and enrich each device that has matching key-value records in the cmdb_key_value table.

  26. Fetch Device contract information from 'ast_contract' for the following parent contract numbers (optional) - Specify a comma-separated list of parent contract numbers. This option requires the 'Contract Management' plugin.
    * If supplied, this adapter will fetch contract information (number, short description) for the specified list, and will add the contract information to the devices associated with the contract (Contracts complex field), based on the relationship defined in ServiceNow.
    * If not supplied, this adapter will not fetch contract information.

  27. Fetch Device divestiture contract information from 'ast_contract' for the following parent contract numbers (optional) - Specify a comma-separated list of parent contract numbers. This option requires the 'Contract Management' plugin.

    • If supplied, this adapter will fetch divestiture contract information (number, short description) for the specified list, and will add the divestiture contract information to the devices associated with the contract (Divestiture Contracts complex field), based on the relationship defined in ServiceNow.
    • If not supplied, for this adapter will not fetch divestiture contract information.
  28. Fetch Platform Offering from ‘service_offering' table (optional) - Select to fetch information from the ‘service_offering’ table and enrich the device with the service offer name if a direct reference exists between the device and the table. Check the Fetch device relations field to search for a relation between the service offering and the device and create a new structure for the device called “CMDB Service Offering” with the details of the service offering.

  29. Extract software version and name from Software Name - Select this option to extract the correct software name and version when the field fetched by ServiceNow does not contain this correctly.

  30. Fetch Device divestiture contract information from 'ast_contract' for the following parent contract numbers (optional) - Specify a comma-separated list of parent contract numbers. This option requires the 'Contract Management' plugin.

    • If supplied, this adapter will fetch divestiture contract information (number, short description) for the specified list, and will add the divestiture contract information to the devices associated with the contract (Divestiture Contracts complex field), based on the relationship defined in ServiceNow.
    • If not supplied, for this adapter will not fetch divestiture contract information.
  31. Use 'last_discovered' device field exclusively as 'last_seen' - Select this option to compute the 'last_seen' field from the 'last_discovered' raw field, if this field does not exist 'last_seen' will not exist.

    • When disabled, this adapter will use max('last_discovered', ‘sys_updated_on’) to compute last_seen.
  32. Enter additional date fields to consider as 'last seen' - Enter values (comma separated) from fields to calculate the 'Device last seen field'.

  33. Include devices if they have the following field with the following value(s) (optional) - Enter one or more ServiceNow tables with a specified value, in the format (table_name:)field_name:(filtered_value,filtered_value). Separate entries with semi-colons. The table name must be exactly one of the values listed here: cmdb_ci_computer,cmdb_ci_vm,cmdb_ci_vm_instance,cmdb_ci_printer,cmdb_ci_netgear,u_cmdb_ci_computer_atm,cmdb_ci_comm,cmdb_ci_cluster,cmdb_ci_cluster_vip,cmdb_ci_facility_hardware,cmdb_ci_msd,u_cmdb_ci_dinar_infrastructure_object,cmdb_ci_vpn. (Fields in brackets are optional parameters)

    • If a field is supplied, this adapter will fetch devices which have a ServiceNow table that contains a field with the value defined.
Note:

The filters here overwrite any other filters you set for tables. If you choose this setting, you cannot choose other predefined ServiceNow advanced settings table filters as well.

  1. Exclude devices if they have the following field with the following value(s) (optional) - Enter one or more ServiceNow tables with a specificed value, in the format (table_name:)field_name:(filtered_value,filtered_value). Separate entries with semi-colons. The following table names are supported: cmdb_ci_computer,cmdb_ci_vm,cmdb_ci_vm_instance,cmdb_ci_printer,cmdb_ci_netgear,u_cmdb_ci_computer_atm,cmdb_ci_comm,cmdb_ci_cluster,cmdb_ci_cluster_vip,cmdb_ci_facility_hardware,cmdb_ci_msd,u_cmdb_ci_dinar_infrastructure_object,cmdb_ci_vpn. (Fields in brackets are optional parameters)

    • If a field is supplied, this adapter will exclude devices from the adapter fetch which have a ServiceNow table that contains a field with the value defined.
    Note:

    The filters here overwrite any other filters you set for tables. If you choose this setting, you cannot choose other predefined ServiceNow advanced settings table filters as well.

  2. Use sys_id as device ID (Might cause device duplication) - Select this option to only use the devices' sys_id field for the adapter device ID (recommended if the device name might change). If you enable this after the first fetch has already been done, it might cause duplicate devices.

  3. Additional device table names (optional) - Enter one or more ServiceNow table names separated by commas from which Axonius will fetch entries and parse them into devices. Table names should be of the format 'cmdb_ci_my_linux_server'

    • You can use this setting in 2 ways:

A list of tables to fetch in addition to the built-in tables. In this case the format should be table_name(, table_name). When the table names are separated by commas.
or
A list of tables with filters. In this case the format should be (table_name(:sysparm_query)(;table_na…)), when sysparm_query is a ServiceNow query with ServiceNow operators as defined in Operators available for filters and queries and each table name together with a query (filter) is separated by a semicolon. (Fields in brackets are optional parameters)

  • When supplied, this adapter will fetch data from all of the additional tables listed, make them into devices, then proceed with fetching the default hard coded subset of tables Axonius usually fetches from. The tables listed in this field take precedence over the default ServiceNow tables queried by Axonius, a Ci fetched from these tables will now be totally ignored as redundant in the later “default” fetching process.
  • When not supplied, this adapter will not fetch data from any additional tables.
Note

The settings here for filters on the table names listed in this field apply exclusively to the list of tables in this field. Other advanced settings that you make do not serve as filters to the table names listed in this field.

For example: if Additional device table names==cmdb_ci_ip_switch:install_statusIN1;cmdb_ci_ip_router:install_statusIN1; and** Install status number exclude list**==2,3,4, then all of the ServiceNow built in device tables will be fetched with excluded of install_status of 2,3,4 and the specific tables in Additional device table names will be an “inclusion” of install_status of 1.

  1. ServiceNow Fields are true (optional) - Enter one or more parameters, separated by commas, and filter only devices where these parameters are true. If the device does not have the field, the device is fetched.

  2. Always populate serial number (optional) - When selected, Device Manufacturer Serial is parsed even if it contains exclusion keywords, such as "VMware Virtual Platform".

  3. Ignore retired devices that have not been seen by the source in the last X hours (optional, default: 0) - Enter 1 or more hours to ignore retired devices that have not been seen by the source. A value of 0 means to fetch all devices.

  4. Exclude Devices OS list (optional) - Specify an Operating System name to not fetch devices which run this Operating System.

  5. Fetch ALM information from alm_asset table (default: true) - By default Axonius fetches additional data for existing devices from alm_asset table. Clear this option if you do not want to fetch ALM information.

  6. Do not add serial number metadata (optional) - Select this option so that metadata such as "VMWare-", "VMWare Inc.", "VMWare Virtual Platform" and any other device model data will not be added to ServiceNow serial numbers.

  7. Fetch Related PC Attributes - Select this option to fetch additional PC attribute data.

  8. Fetch Related CI Exceptions - Select this option to fetch records from the u_configuration_item_exception table and enrich the device with related exception information such as exception name, reason, related software etc.

  9. Use "VM Object ID" as "AWS Cloud ID" - Use this setting to use the VM Object ID to identify AWS Cloud IDs. When you select this option, if the value of the object_id confirms to the following rules,

    • getting vm_object_id from object_id,
    • if vm_object_id starts from ‘i-’ and length > 10

    Then Axonius uses the value of the `object_id` in the `device.cloud_id` field.
  10. Fetch Table Hierarchy - Select this option to create the table hierarchy of a device.

  11. Custom Schema Entry (JSON) (Custom devices schema, Custom users schema) - Use these settings to add a JSON file to fetch information from one object to another. Refer to Using Custom Schema Entries to add a JSON file toFetch Information from One Object to Another for details of how to configure these fields.

Showing Advanced Fields in Basic View

You can configure fields that generally appear in 'Advanced' to appear in 'Basic' view. Configure for devices and users separately as required. Use the plus sign to add an entry to each field.

SNAdditionalFields

Enter fields in the following JSON format:

[
{
    "label":"My First Field", 
    "raw_field": "field_a",
    "field_type": "str"
},
{
    "label":"My Second Field",
    "raw_field": "field_b",
    "field_type": "int"
}
]
  • label - the name for the field you want to appear in the basic view

  • raw_field - the name of the field as it appears in JSON format on the Adapter Connections page of the Asset Profile (or Advanced view table)

  • field_type -the field type as it appears in JSON format. The following field types are supported. int, string, datetime, float, bool. You can write them in the following ways:

    'int', 'string', 'str', 'date', 'datetime', 'float', 'bool', 'boolean'.

  • Number of requests to perform in parallel (optional, default: 50) - Enter the number of requests to perform in parallel.

Note:

For details about general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Using Custom Schema Entries to Add a JSON File to Fetch Information from One Object to Another

You can use Custom devices schema, Custom users schema to add a JSON file to fetch information from one object to another. For instance from a source. For instance to enrich a laptop with information from another object. You can add more than one JSON file.

The JSON file must be of the format:

{
        “type”: “link”,
        “link_type”: “reference”,
        “source_table”: “Manufacturer”,
        “source_field”: “Software”,
        “destination_table”: “Software”,
        “linked_record_identifier”: “objectKey”,
        “destination_table_fields”: [“Type”, “Vendor”],
        “destination_table_query”: “objectTypeId=5"
}

link_type - The only supported type is reference.
source_table - The type of the source object type in jira. This is the table that will be enriched from the data in the destination_table.
source_field - The attribute of the object type from which the values should be brought. Enrich the contents of the source_table which has the same name as the value of the source_field in the destination_table, with the contents of the destination_table field.
destination_table - The destination object type in jira from which the data will be imported.
linked_record_identifier - the name of the attribute that identifies the object.
All of the above are mandatory.
destination table fields (optional) - List of fields to bring from the source - if no fields are listed, then all fields are brought.
destination_table_query (optional) - IQL Jira query to run when searching for the destination object.
It is not necessary to list all of the source tables, instead of listing all source_tables, it is possible to write “$ROOT” in the “source_table” field.

“type”: “link”,
    “link_type”: “reference”,
    “source_table”: “$ROOT”,
    “source_field”: “Owner”,
    “destination_table”: “User”

For instance if the source table contains the field "owner" then the system fetches the object of the sort "user" for all of the tables. This will populate associated users for all source objects that have the field "owner".

SaaS Management

  1. Fetch properties settings - Select this option to fetch general ServiceNow settings.
Note

To fetch settings using this advanced configuration, ensure that there are no ACL configurations blocking the records from the sys_properties table in Servicenow.

  1. Fetch password policy settings - Select this option to fetch password policy related settings.
  2. Fetch groups - Select this option to fetch ServiceNow groups as assets.
  3. Fetch roles - Select this option to fetch ServiceNow roles as assets.
  4. Fetch users' group membership - Select this option to fetch ServiceNow users group membership.
  5. Fetch active extensions from 'v_plugins' - Select this option to fetch active extensions.
  6. Fetch Activities From X days Ago - Enter the number of days to retrieve recent activities information.

Configuring Delta Fetch

Use Delta Fetch to fetch big ServiceNow inventories, which can take a long time to fetch. In order to use Delta Fetch you need to configure two ServiceNow connections. This is relevant for both the Cyber Security Asset Management and SaaS Management modules.

Configuring Full Fetch for the first Connection (not delta)

  1. Configure the first connection to run at a low frequency (our best practice for big inventories is once a week, usually over the weekend). Refer to Adapter Custom Schedule

  2. In the ServiceNow Configuration dialog make sure the following parameters are left empty

    • Fetch devices updated in ServiceNow in the last X hours
    • Fetch users updated in ServiceNow in the last X hours
      SNDelta1

Configuring Delta Fetch for the Second Connection

  1. Configure a second ServiceNow connection (a delta connection), that will perform the delta fetch.
  2. Configure this connection to run more frequently than the first, (our best practice is once a day or each discovery cycle).
  3. On the ServiceNow Parameter Connection screen, configure the following parameters to fetch only the latest updated assets (our best practice is to set the value to 48 hours).
    • Fetch devices updated in ServiceNow in the last X hours
    • Fetch users updated in ServiceNow in the last X hours

Note: make sure that the value of Fetch users created in ServiceNow in the last X hours is empty

General Configuration for Delta Fetch

  • In the adapter Advanced Settings the values of the following parameters must be greater than the frequency set for the full fetch connection.
    • Ignore devices that have not been seen by the source in the last X hours
    • Ignore users that have not been seen by the source in the last X hours
    • Delete devices and other assets that have not been returned from the source in the last X hours
    • Delete users that were not been returned from the source in the last X hours

DElta3

APIs

Axonius uses the Table API by default.

When the setting 'Use IdentifyReconcile Discovery Source to create computer' is configured, then the IRE API is used.

Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:

  • TCP ports 80/443: HTTP/S

Required Permissions

The value supplied in User Name must have Read access to devices.

To create such a user

  1. As an administrator, log into the ServiceNow admin panel and go to the User Administration panel.
    image.png

  2. Click Users and then New. Fill in the details for this user.
    image.png

  3. Create the user and then search for it in the Users screen to configure it. Click Edit to edit the user's attached roles.
    image.png

  4. Assign the following roles:

    Note:

    Roles can be unique to each ServiceNow instance. The roles listed here were tested in out-of-the-box ServiceNow instances. Please consult your ServiceNow admins to identify any custom roles that may be needed to read data from the tables you wish to fetch from .

    • itil
    • rest_api_explorer
    • web_service_admin
    • snc_read_only (only required to fetch SaaS data)
  5. Click Save and finally Update to save the user.
    image.png

For Accounts with SaaS Management

Read permissions are required for all records of the tables syslog_transaction, sysevent_script_action, sys_email_filter, sys_dictionary, sys_properties, password_policy, v_plugins, and sys_user in order to fetch Script Action, Email Filter, Antivirus, Properties Settings, Password Policy, Plugins, and User settings.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.