
ServiceNow CDF
Overview
ServiceNow is an incident response & workflow platform that allows users to create, track, and manage incidents across their entire business.
The ServiceNow CDF for ThreatQ enables the automatic ingestion of tickets & their context from ServiceNow, into ThreatQ.
The integration provides the following feeds:
- ServiceNow Security Incidents - ingests Security Incidents from ServiceNow’s Security Incident Response (SIR) module.
- ServiceNow Security Cases - ingests Security Cases from ServiceNow’s Threat Intelligence (TI) module.
- ServiceNow Security Incident Response Task - ingests incident response tasks from ServiceNow’s Security Incident Response module into ThreatQ.
- ServiceNow Service Desk Incidents - ingests service desk incidents from ServiceNow into ThreatQ.
- ServiceNow Observables - ingests observables from ServiceNow’s Threat Intelligence module into ThreatQ as indicators.
The integration ingests the following system objects:
- Adversaries
- Attack Patterns
- Incidents
- Indicators
- Malware
- Tools