Creating a new Catalog Item in ServiceNow
To integrate ServiceNow with Application Control, a new catalog item needs to be created. The instructions on this page will explain the basic requirements for that item in order for the integration to be successful. Additional variables and an altered workflow can be configured as appropriate.
Create a new Application Control catalog item
- Type Catalog in the filter and search for Maintain Items. Clicking it brings up the existing catalog items that are installed by default.
- Click New.
- Complete the Name and other fields as required, for example:
- Click Submit, then go back into the newly created item.
- Scroll down to the variables tab. Click New.
- Create a New variable, Single Line Text item for each of the following:
  - Question: Application / Name: Application
  - Question: User Name / Name: User_Name
  - Question: Computer Name / Name: ComputerName (from release 2022.3)
  - Question: Hash / Name: Hash
  - Question: Vendor / Name: Vendor
  - Question: Reason / Name: Reason
  - Question: Description / Name: Description
  - Question: Version / Name: Version
  NOTE: This is case sensitive. Please enter values as they appear above.
- Create a New variable, Select Box item for each of the following. Under each new Select Box item, add the Question Choices options. (Once the select box has been created, you can save time by saving via the 3 lines icon; this refreshes the variable page with the question options.)
  - Question: Resource Type / Name: Resource_Type – Click 3 Lines icon, save.
  - Question: Action / Name: Action
    - Text & Value: Allow
    - Text & Value: Allow and Elevate
    - Text & Value: Allow and Elevate (Excluding Child Processes)
  - Question: Windows Component / Name: Component
    Text & Value:
    - Add Hardware
    - Automatic Updates/Windows Updates
    - Backup and Restore Center
    - BitLocker Disable/Suspend
    - BitLocker Enable/Resume
    - Calibrate Color
    - Certificate Manager
    - Clear Type Text
    - Component Services
    - Computer Management
    - Data Sources
    - Date and Time
    - Default Location
    - Defragment
    - Desktop DPI
    - Device Manager
    - Disk Management
    - Display
    - Ease of Access Center
    - Easy Transfer
    - Event Viewer
    - Explorer - Advanced Security, Change Permissions
    - Explorer - Advanced Sharing
    - Explorer - Check Drive for Errors
    - Explorer - Security, Edit Users or Groups
    - Explorer - Show Quota Settings
    - Indexing Options - Advanced Indexing Options
    - Indexing Options - Pause Indexing
    - Indexing Options - Show All Locations
    - Install/Uninstall Languages
    - Internet Options
    - iSCSI Initiator
    - Local Security Policy
    - Network Connections - Advanced Sharing Settings
    - Network Connections - Local Area Connection Properties
    - Network Connections - Manage Local Area Connection (Disable/Delete/Rename/Bridge)
    - Network Connections - Manage Wireless Profile
    - Network Connections - Wireless Network Properties, Copy Profile to USB Flash Drive
    - Network Connections - Wireless Network Properties, Show Characters
    - Offline Files
    - Performance Monitor
    - Power Options
    - Printers
    - Problem Reporting
    - Programs and Features - Uninstall an Update
    - Programs and Features - Uninstall or Change a Program
    - Recovery Disc
    - Recovery Restore
    - Regional Options
    - Server Manager
    - Services
    - System
    - System Configuration
    - Task Scheduler
    - Troubleshoot
    - Trusted Platform
    - User Accounts - Manage User Accounts
    - User Accounts - User Account Control Settings
    - Windows Defender
    - Windows Features
    - Windows Firewall Advanced Settings
    - Windows Firewall Settings - Action Center
    - Windows Firewall Settings - Control Panel
  - Question: Duration / Name: Duration
    - Text & Value: One Hour
    - Text & Value: Four Hours
    - Text & Value: One Day
    - Text & Value: Two Days
    - Text & Value: One Week
    - Text & Value: Two Weeks
    - Text & Value: One Month
    - Text & Value: Indefinitely
- Make sure to Save all of the options.
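A check for the variable list above, as an added example that is not part of the original page or of the product: it compares a catalog item's variables against the names, types and choice values given in these steps and reports case or underscore slips. The input shape (a list of name/type/choices records), the sample data, and the assumption that choice values need the same exact match as variable names are constructed for illustration.

```python
TEXT, SELECT = "Single Line Text", "Select Box"
# Names and types exactly as listed in the steps above (ComputerName: 2022.3 onward).
REQUIRED = {n: TEXT for n in ("Application", "User_Name", "ComputerName", "Hash",
                              "Vendor", "Reason", "Description", "Version")}
REQUIRED.update({n: SELECT for n in ("Resource_Type", "Action", "Component", "Duration")})
# Choice values from the page; the long Component list is left out of this example.
CHOICES = {
    "Action": ["Allow", "Allow and Elevate",
               "Allow and Elevate (Excluding Child Processes)"],
    "Duration": ["One Hour", "Four Hours", "One Day", "Two Days", "One Week",
                 "Two Weeks", "One Month", "Indefinitely"],
}

def fold(name):
    """Normalise a name so case and underscore slips can be recognised."""
    return name.replace("_", "").lower()

def audit_catalog_item(variables):
    """variables: list of {"name", "type", "choices"} dicts (assumed export shape).
    Returns a list of findings; an empty list means the item matches the page."""
    findings = []
    by_name = {v["name"]: v for v in variables}
    by_fold = {fold(v["name"]): v["name"] for v in variables}
    for name, want_type in REQUIRED.items():
        var = by_name.get(name)
        if var is None:
            near = by_fold.get(fold(name))
            findings.append(f"{name}: defined as {near!r}, must match exactly"
                            if near else f"{name}: missing")
            continue
        if var["type"] != want_type:
            findings.append(f"{name}: type {var['type']!r}, expected {want_type!r}")
        if name in CHOICES:
            have, want = var.get("choices", []), CHOICES[name]
            findings += [f"{name}: choice {c!r} missing" for c in want if c not in have]
            findings += [f"{name}: unexpected choice {c!r}" for c in have if c not in want]
    return findings

def sample():
    """Constructed sample export with four deliberate mistakes."""
    items = [{"name": n, "type": t, "choices": list(CHOICES.get(n, []))}
             for n, t in REQUIRED.items()]
    by = {v["name"]: v for v in items}
    by["User_Name"]["name"] = "user_name"             # wrong case
    by["ComputerName"]["name"] = "Computer_Name"      # stray underscore
    by["Version"]["type"] = SELECT                    # wrong variable type
    by["Action"]["choices"][1] = "Allow and elevate"  # wrong case in a choice
    return items

if __name__ == "__main__":
    for finding in audit_catalog_item(sample()):
        print(finding)
```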
Create a Workflow
In this example, the workflow allows anything signed by Microsoft. This shows what can be done in workflows; it may not be what is required in all situations. Please modify the workflow according to business requirements.
Steps
Type workflow into the Search and click Workflow Editor, then New Workflow.
Call it something suitable (Name: AC Workflow), Table: Request Item [sc_req_item] – Click Submit
Add the required workflow elements from the Core tab (right corner)
- Utilities > X= Set Value
  - Name: Set Values to open
  - Values: State - Open
- Conditions > If
  - Name: Signed by Microsoft
  - Conditions: Variables – Application Control Catalog – Vendor – Starts with - Microsoft
- Approvals > Approval – User
  - Name: Manager Approval
  - Stage: Waiting for Approval
  - Approvers: Users – System Administrator
  - Condition for approval:
    - Wait for: Anyone to approve
    - When anyone rejects: Reject the approval
    - Approval column: approval
    - Approval Journal column: approval_history
- Utilities > X= Set Value
  - Name: Approved
  - Stage: Complete
  - Values:
    - Approval – Approved
    - State – Closed Complete
- Utilities > X= Set Value
  - Name: Set Rejected
  - Stage: Complete
  - Values:
    - Approval – Rejected
    - State – Closed Complete
Connect the workflow activities as follows:
When finished, in the top left corner of the dialog, click the 3 lines icon. Click Publish.
Application Control catalog item
Return to the Application Control catalog item and under the Process Engine tab > Workflow select AC Workflow. The Flow and Execution plan should be empty.
Follow these steps:
- In the Portal Settings tab > Request method, set to Request.
- Publish the catalog item by clicking Edit in Catalog Builder (top right).
- Click the Review and Submit tab on the left-hand side. Click Submit.
- State will now change to Published.
Create a REST token
Search OAuth and click Application Registry, then follow these instructions:
- Create a New item – Create an OAuth API endpoint for external clients
- Give it a suitable name (e.g. Application Control). You can leave the Client Secret blank as that will auto fill on save.
- Leave the remaining options at default. The Refresh Token and Token values default to 100 days and 30 minutes respectively. They can be modified if required.
- Save.
- Go back in and make a note of the Client ID and Client Secret, as you will need to enter these into the Application Control console.
Create a New User
You can either create a new user or use an existing one. Type "users" into the filter and click Users under System Security. Click the user you want to set the password for or click New.
- User ID – firstname.lastname
  - You only need to fill in the first and last name.
- Save the user (3 line icon top left) - Set a password – Generate and Save
  - Make a note of the username and password, as you will need to enter these into the Application Control console.
- Add Role – Click Edit.
  - Type in Admin. Add and Save.
Application Control Console
In the AC console, go to Global Settings > Policy Change Request options > ServiceNow tab. Enter the relevant information from the steps above.
- URI: The URL of the web page instance you were given, e.g. https://dev12345.service-now.com/
- Client ID: See the Create a REST token section above.
- Client Secret: See the Create a REST token section above.
- Click Login to ServiceNow: See the Create a New User section above.
- Browse for Catalog Items – Find the catalog item you created in the steps above.
  - For example: Application Control Catalog Item
Approve Requests
Under the menu filter find: Service Catalog > Requests. You will find all the requests raised to your ServiceNow instance.
Go into a Request, then go down to the tab Request items and click the number.
In the Approvers tab, click the state Requested.
Change the State to Approved and Save.
ServiceNow Instance Warning
The developer ServiceNow instances go into Hibernation overnight, so you’ll need to log back in each morning to trigger the instance to reawaken.