Create connectoredit
Creates a ServiceNow connector, which can then be used to open ServiceNow incidents from SIEM cases.
Request URLedit
POST <kibana host>:<port>/api/action
Request bodyedit
A JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
|
String |
Must be: |
Yes |
|
Object containing the action’s configuration. |
Yes |
|
|
Object |
Object containing the ServiceNow account credentials used to create and update incidents:
|
Yes |
|
String |
The registered ServiceNow connector. |
Yes |
Name | Type | Description | Required |
---|---|---|---|
|
Object |
Contains a
|
Yes |
|
String |
URL of the ServiceNow instance. |
Yes |
Example requestedit
POST api/action { "actionTypeId": ".servicenow", "config": { "casesConfiguration": { "mapping": [ { "source": "title", "target": "short_description", "actionType": "overwrite" }, { "source": "description", "target": "description", "actionType": "overwrite" }, { "source": "comments", "target": "comments", "actionType": "append" } ] }, "apiUrl": "https://dev87359.service-now.com" }, "secrets": { "username": "admin", "password": "securePassword123!" }, "name": "ServiceNow" }
SIEM case |
|
SIEM case |
|
SIEM case |
Response codeedit
-
200
- Indicates a successful call.
Response payloadedit
A JSON object with a connector id
that is required to push cases to ServiceNow.
Example responseedit
{ "id": "61787f53-4eee-4741-8df6-8fe84fa616f7", "actionTypeId": ".servicenow", "name": "ServiceNow", "config": { "casesConfiguration": { "mapping": [ { "source": "title", "target": "short_description", "actionType": "overwrite" }, { "source": "description", "target": "description", "actionType": "overwrite" }, { "source": "comments", "target": "comments", "actionType": "append" } ] }, "apiUrl": "https://dev78437.service-now.com" } }