ServiceNow Vulnerability Configuration Guide
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

This guide walks you through configuring ServiceNow Vulnerability Response for use with Synqly's Vulnerabilities Connector.

ServiceNow supports token (API key) authentication or basic authentication with a username and password. Select the appropriate tab in Step 1:

API key (recommended): Token authentication with an inbound REST API key. Requires the Washington DC ServiceNow release or later.
Username and password: Use a dedicated service account when your instance does not support API keys.

After authentication is set up, configure the integration using the values from your chosen path.

Prerequisites

Log in and create a service account

Log in to ServiceNow as an admin.
Create a service account (recommended). A dedicated account avoids broken integrations if an employee account is deactivated. Go to All > Organization > Users, select New, set User ID (required), select Internal Integration User, and complete any other required fields. Open the new user, go to the Roles tab, select Edit..., and add the admin collection. The admin role is currently required for the Vulnerabilities connector to function. We plan to document a least-privilege role set in a later revision of this guide.

Configuration

The preferred method is token authentication. For more details, see this guide from ServiceNow.

API keys require the Washington DC ServiceNow release or later. Earlier instances need username and password; use the Username and Password tab.

1. Verify the API Key plugin

In All > Admin Center > Application Manager, search for HMAC Authentication and confirm API Key and HMAC Authentication (com.glide.tokenbased_auth) is activated. Activate it if it is not.

2. Elevate role

Open the user menu (face icon), choose Elevate Role, and select security_admin so you can configure API access.

3. Create the Inbound Authentication Profile

Go to All > System Web Services > API Access Policies > Inbound Authentication Profile. Click New, then Create API Key authentication profiles.

Give the profile a name that reflects an integration API key. In Auth Parameter, add Auth Header with the x-sn-apikey header. Click Submit.

4. Create an API Key

Go to All > System Web Services > API Access Policies > REST API Key. Click New, set a name for the key, and set User to the service account you created above (that user must have the admin role). Click Save.

Use the lock icon to view and copy the token. Store it securely.

5. Set the API Access Policy

Go to All > System Web Services > API Access Policies > REST API Access Policies and click New (this may take a moment).

Enter a descriptive name, set REST API to Table API, and ensure Apply to all methods is selected.

Configure the integration (API key)

URL
The root URL of your ServiceNow instance, for example https://<tenant>.service-now.com/.

Token
The API key value from step 4.

ServiceNow Vulnerability Configuration GuideCopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from Claude