ServiceNow is an incident response & workflow platform that allows users to create, track, and manage incidents across their entire business.

The ServiceNow CDF for ThreatQ enables the automatic ingestion of tickets & their context from ServiceNow, into ThreatQ.

The integration provides the following feeds:

• ServiceNow Security Incidents - ingests Security Incidents from ServiceNow’s Security Incident Response (SIR) module.
• ServiceNow Security Cases - ingests Security Cases from ServiceNow’s Threat Intelligence (TI) module.
• ServiceNow Security Incident Response Task - ingests incident response tasks from ServiceNow’s Security Incident Response module into ThreatQ.
• ServiceNow Service Desk Incidents - ingests service desk incidents from ServiceNow into ThreatQ.
• ServiceNow Observables - ingests observables from ServiceNow’s Threat Intelligence module into ThreatQ as indicators.

The integration ingests the following system objects:

• Adversaries
• Attack Patterns
• Incidents
• Indicators
• Malware
• Tools