ServiceNow Configuration Management Database (CMDB) Connector Guide
Summary: How to set up and use the ServiceNow Configuration Management Database (CMDB) connector in RiskSense.
Overview
The ServiceNow Configuration Management Database (CMDB) connector creates an integration with the ServiceNow CMDB module for syncing information with the RiskSense platform. Optionally, you can enable the RiskSense platform to create configuration items (CIs) within ServiceNow CMDB. When the connector is configured, RiskSense users can see and filter CMDB information within the platform. If the option for asset creation is turned on and configured, the user will be able to see new assets within the defined table in ServiceNow CMDB. The ServiceNow user used in the connector configuration process needs read access to the CMDB CI tables that assets are stored in and write access (if configured) to the CI table created in ServiceNow for creating new assets.
This connector offers the flexibility to define up to 10 custom fields pulled from ServiceNow on top of the default fields (from the base CI table in ServiceNow). It allows for optional asset creation in ServiceNow. Additionally, it supports business criticality mapping in multiple ways to help get your asset’s business criticality synced into the platform.
ServiceNow Configuration
ServiceNow Table Creation (Required for CMDB Asset Creation)
To write to CMDB, create a table in ServiceNow using the CI class manager with the display name cmdb_ci_risksense.
cmdb_ci should be the parent table of the u_cmdb_ci_risksense table.
This link provides additional details on table creation.
ServiceNow User Permissions
RiskSense requires ServiceNow user credentials during the connector configuration process. This user must have create, read, and write permissions to the custom table made in the previous step. The itil role should give access to the cmdb_ci table and all related tables to read all required fields for this integration (except for the asset creation options, which are covered separately in this guide).
You can either create a new user and assign them the itil role or add it to an existing user. These user credentials are used during the RiskSense connector setup and communicate with the ServiceNow instance via API calls.
This link provides details on assigning a role to a user.
Connector Configuration
Navigate to the Automate > Integrations page.
Using the search bar in the upper-right corner of the Integrations page, type CMDB to find the connector.
Locate the ServiceNow CMDB card on the page and click Configuration.
In the new window under Connection, complete the required fields, as described below.
-
Connector Name: The connector’s name.
-
Username: ServiceNow username with the permissions designated earlier in this guide.
-
Password: Password for the associated ServiceNow account.
-
Location (URL): ServiceNow instance URL.
-
Show Optional SSL Certificate: Check this box to add an optional SSL certificate in base64 format.
Click the Test Credentials button to ensure the credentials are correct and have the necessary access to make ServiceNow CMDB API calls.
Under the Connector Specific Option section, configure the following items for the connector.
Configured CMDB connectors connected to Networks: This section displays any currently configured CMDB connectors connected to networks in RiskSense.
Network: This section configures what RiskSense networks the connector will be limited to when syncing asset information from the ServiceNow CMDB module. Select the network from the dropdown.
Default Fields: All these fields are base CI fields in ServiceNow and will be pulled for all assets in the RiskSense platform that reside in configured networks if populated in ServiceNow.
Business Criticality: Business Criticality can be used in three ways.
Off (No Criticality Sync)
On with Criticality Mapping
This can be mapped to source criticality, which comes from the business_criticality (Business Criticality) field in the cmdb_ci_service (Business Service) table. These cmdb_ci_service (Business Service) objects are associated with cmdb_ci (Configuration Items) and its child tables. If multiple cmdb_ci_service (Business Service) records are associated with a single CMDB CI, then RiskSense takes the highest of the information from ServiceNow.
On with Field Mapping
This can be mapped to a specific field meeting the criteria defined in the screenshot below.
CMDB Tables to Query:
Asset Matching Query Order: When using this connector, users have the option to set CMDB mapping by network type (hostname, IP, or mixed) or by individual network. Users can select either the network type configuration or one or more individual network types with custom mappings for each of them.
Users can now select more RiskSense fields to map to ServiceNow. The RiskSense drop-down contains all the possible standard asset identifiers such as Host Name, IP Address, DNS, NetBIOS, and Mac Address. Users can choose to query corresponding ServiceNow fields, including name, ip_address, fqdn, and mac_address. If the user wishes to select another field, they should choose the “Other“ option. A text box will be displayed that accepts the ServiceNow table field name.
By Network Type
Users can select multiple options and configure separate configuration sets for each network type.
By clicking Add another identifier, you can select up to five configuration sets for each network type.
By Individual Network
Users can choose multiple individual networks and configure separate configuration sets for each network. By clicking Add another identifier, you can select up to five configuration sets for each network.
Allow Automatic Asset Creation: The connector can be configured to automatically create new configuration items in ServiceNow CMDB. This requires that a table and permissions to this table (u_cmdb_ci_risksense) have been created and granted within the ServiceNow instance. During a sync with ServiceNow CMDB, any asset in the RiskSense platform that cannot find any matching ServiceNow records (CI) will create a new configuration item (CI) in the CMDB. This does NOT happen for multiple records found situations.
Asset Compliance: These fields can be mapped to any valid CI fields in ServiceNow. If these fields are not there for any given CI, they will simply not be populated in the platform.
Custom Fields: These fields can be mapped to any valid fields on your CIs in SNOW. If these fields are not there for any given CI, then they will not be populated in the platform.
Click the Save button to save the connector’s configuration and create the connector. Once saved, the connector is now visible on the Integrations page under Currently Configured Integrations.
Clicking the History button displays the connector details for each pull. The Sync button allows users to perform on-demand sync. The Edit button allows the user to edit the connector configuration. The Delete button allows the user to delete the connector.
RiskSense CMDB Usage
There are many ways that the RiskSense platform allows you to view, edit, lock, filter, and use CMDB information synced with your RiskSense assets.
General Sync Information
Once the connector is synced, if an asset previously found a matching record in ServiceNow CMDB, then it will keep syncing with the same record in all future sync operations even though there could be multiple matching records found in ServiceNow CMDB.
Custom Field Display Value Configuration
While logged into the RiskSense platform, navigate to the Settings (
) > Client Settings page from the top-right corner of the screen.
Custom field labels can be configured in the Configuration Management Database section. This setting only affects the connector configuration screen and the host detail slide-out display value.
NOTE: When filtering for these fields, the filter category will always be “Custom Field X” and not the configured display value for the detail pane.
Editing CMDB Fields
Within RiskSense, a user can select one or more hosts and edit their CMDB fields. Users can select from a list of CMDB fields to edit.
To edit CMDB fields in RiskSense, navigate to the Manage > Hosts page.
Select the hosts you want to edit CMDB fields for by clicking the check box in the page’s first column. You may select several hosts at a time.
Click the More button.
In the More menu, click Edit CMDB Hosts.
The green circle on the left indicates that the user can edit those fields, and once the fields are edited, they will be locked to the API.
The yellow circle indicates that only partial hosts will be updated. The below picture indicates that 2 out of 3 selected hosts are locked to the connector and labeled with the name you gave your CMDB connector. The red circle indicates that it cannot update the field for any of the hosts.
Locking CMDB Fields
Within RiskSense, a user can select one or more hosts and select Lock CMDB Hosts to lock the host’s CMDB fields either to a CMDB connector or UI/API. Users can select from a list of CMDB fields that need to be locked.
To lock CMDB fields in RiskSense, navigate to the Manage > Hosts page.
Select the hosts you want to lock CMDB fields for by clicking the check box in the page’s first column. You may select several hosts at a time.
Click the More button.
In the More menu, click Lock CMDB Hosts.
The green circle on the left indicates that the user can lock those fields to connector or API. The yellow circle indicates that only partial hosts will be locked to the selected option. The red circle indicates that it cannot lock the field for any of the hosts (as it is already locked).
Once the host fields are locked to a connector, only that connector can update the selected host fields. If the host fields are locked to the API/UI, only the API or UI can update those fields. No connector can update if the fields are locked to API/UI.
RiskSense Fields/Status Types
Status Types
Status types are found in the Host Detail pane when looking at an asset in RiskSense. They can be filtered using the filter category CMDB Sync Status on the Hosts page. Below is more information about the possible status values that a RiskSense asset can have and the filter values that correspond to them.
SYNCED (Filter Value: Synced): Only one unique record found in SNOW CMDB matching the search criteria and synced.
NOT_FOUND (Filter Value: No Record Found): No record found in SNOW CMDB.
MULTIPLE_FOUND (Filter Value: Multiple Found): Multiple records were found that match the search criteria in SNOW CMDB.
RECORD_NO_LONGER_FOUND (Filter Value: Record No Longer Found): The SNOW CMDB record was found in a previous sync but not found in the latest one (e.g., the CI was deleted).
NOT_APPLICABLE (Filter Value: Not Applicable): The host is not part of any CMDB connector.
Fields
The following tables show the RiskSense CMDB fields (default/configurable/custom) supported by this connector and the user interface/API.
Field Auxiliary Information
-
Data Refresh: The RiskSense CMDB field’s last updated time.
-
Locked By: RiskSense CMDB field is updated by. It can be either locked to a connector or the API/UI. Each field can be individually locked on a per asset basis.
Default Fields
There are default fields that the connector always attempts to pull if they are populated in ServiceNow.
|
RiskSense Field |
RiskSense Filter Category |
ServiceNow CMDB CI Field |
Field Description |
|---|---|---|---|
|
Operating System |
CMDB Operating System |
os |
Asset operating system. |
|
Manufactured By |
CMDB Manufactured By |
manufacturer |
Asset manufacturer. |
|
Model |
CMDB Model |
model_id |
Asset model. |
|
Location |
CMDB Location |
location |
Asset location. |
|
Managed By |
CMDB Managed By |
managed_by |
Who manages the asset. |
|
Owned By |
CMDB Owned By |
owned_by |
Who owns the asset. |
|
Supported By |
CMDB Supported By |
supported_by |
Who supports the asset. |
|
Support Group |
CMDB Support Group |
support_group |
The group that supports the asset. |
|
Last Scanned |
CMDB Last Scanned |
sys_updated_on |
Asset’s last scanned time (scan meaning CMDB Agent or collection server). |
|
Asset tags |
CMDB Asset tags |
asset_tag |
Asset’s associated asset tags. |
|
Mac Address |
CMDB Mac Address |
mac_address |
Asset MAC address. |
|
Unique Id |
CMDB Unique Id |
sys_id |
Asset’s Unique ID (ServiceNow sys_id) of the matching record (CI). |
Custom Fields
If these fields are configured in RiskSense and populated in ServiceNow, the connector always attempts to pull these configurable fields.
|
RiskSense Field |
RiskSense Filter Category |
ServiceNow CMDB CI Field |
Field Description |
|---|---|---|---|
|
Business Criticality |
Criticality |
Mapping to CI-associated criticality configurable field |
This can be mapped to source criticality, which comes from the business_criticality (Business Criticality) field in the cmdb_ci_service (Business Service) table. These cmdb_ci_service (Business Service) objects are associated with cmdb_ci (Configuration Items) and its child tables. If multiple cmdb_ci_service (Business Service) records are associated with a single CMDB CI, then we will take the highest of the information from ServiceNow. OR The asset’s Business Criticality in RiskSense. This is an integer from 1 (least critical) to 5 (most critical). |
|
Asset Compliance: FERPA |
CMDB FERPA Compliance Asset |
Configurable Field |
A field to represent whether this asset is FERPA compliant. |
|
Asset Compliance: HIPAA |
CMDB HIPAA Compliance Asset |
Configurable Field |
A field to represent whether this asset is HIPAA compliant. |
|
Asset Compliance: PCI |
CMDB PCI Compliance Asset |
Configurable Field |
A field to represent whether this asset is PCI compliant. |
|
Custom Field 1 |
CMDB Custom Field 1 |
Configurable Field |
These fields can be mapped to anything you want and configured within RiskSense to have a unique display name. NOTE: When filtering for these fields, the filter category will always be “Custom Field X” and not the configured display value for the detail pane. |
|
Custom Field 2 |
CMDB Custom Field 2 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 3 |
CMDB Custom Field 3 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 4 |
CMDB Custom Field 4 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 5 |
CMDB Custom Field 5 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 6 |
CMDB Custom Field 6 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 7 |
CMDB Custom Field 7 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 8 |
CMDB Custom Field 8 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 9 |
CMDB Custom Field 9 |
Configurable Field |
See Custom Field 1. |
|
Custom Field 10 |
CMDB Custom Field 10 |
Configurable Field |
See Custom Field 1. |