ServiceNow connector and actionedit
The ServiceNow connector uses the V2 Table API to create ServiceNow incidents. The ServiceNow ITSM connector can be used for rule actions and cases. The ServiceNow SecOps connector can only be used for cases.
Prerequisitesedit
Create a ServiceNow integration user and assign it the following roles:
-
incident_manager
: Allows the user read, create, and update access to the Incident table. -
personalize_choices
: Allows the user to retrieve Choice element options, such as Severity.
Connector configurationedit
ServiceNow connectors have the following configuration properties.
- Name
- The name of the connector. The name is used to identify a connector in the Stack Management UI connector listing, and in the connector list when configuring an action.
- URL
- ServiceNow instance URL.
- Username
- Username for HTTP Basic authentication.
- Password
- Password for HTTP Basic authentication.
Connector networking configurationedit
Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings
to set per-host configurations.
Preconfigured connector typeedit
my-servicenow: name: preconfigured-servicenow-connector-type actionTypeId: .servicenow config: apiUrl: https://dev94428.service-now.com/ secrets: username: testuser password: passwordkeystorevalue
Config defines information for the connector type.
-
apiUrl
- An address that corresponds to URL.
Secrets defines sensitive information for the connector type.
-
username
- A string that corresponds to Username.
-
password
- A string that corresponds to Password. Should be stored in the Kibana keystore.
Define connector in Stack Managementedit
Define ServiceNow connector properties.

Test ServiceNow action parameters.

Action configurationedit
ServiceNow actions have the following configuration properties.
- Urgency
- The extent to which the incident resolution can delay.
- Severity
- The severity of the incident.
- Impact
- The effect an incident has on business. Can be measured by the number of affected users or by how critical it is to the business in question.
- Short description
- A short description for the incident, used for searching the contents of the knowledge base.
- Description
- The details about the incident.
- Additional comments
- Additional information for the client, such as how to troubleshoot the issue.
Configure ServiceNowedit
ServiceNow offers free Personal Developer Instances, which you can use to test incidents.