- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
ServiceNow Cloud Connector
ServiceNow offers software as a service (SaaS) for technical management support to help organizations manage digital workflows for enterprise operations. The ServiceNow cloud computing platform provides IT service management (ITSM) services to process customer service requests including incidents, problems, changes, and other services. For more information, see the ServiceNow Documentation.
Prerequisites to Configure the ServiceNow Connector
Before you configure the ServiceNow connector you must complete the following prerequisites:
Ensure that you have ServiceNow Fuji release version or later
Note the user name and password of a user with read permission for the following tables:
sysevent (login events)
sys_audit (user lockout and update related events)
sys_audit_role (roles related events)
sys_user (user added events)
pwd_reset_request (password reset events)
sys_attachment (attachment events)
syslog_transaction (resource views events)
report_view (report run events)
sys_user_role (roles defined, data enrichment)
Ensure that you enable table auditing for the following system tables to track changes:
sysevent (login events)
sys_audit_delete (user deleted events)
sys_audit (user lockout and update related events)
sys_audit_role (roles related events)
sys_user (user added events)
pwd_reset_request (password reset events)
sys_attachment (attachment events)
syslog_transaction (resource views events)
report_view (report run events)
Obtain the value for the ServiceNow Time Zone
Enable Auditing for a Table
To enable auditing for a table:
Log in to the ServiceNow console as an administrator.
Navigate to System Definition > Dictionary.
Select the table you want to audit, in the list of dictionary entries. For example, cmdb_ci_computer or sys_user.
Select the dictionary entry for the table.
Select Audit to enable table auditing.
Click Update.
Note
Follow this procedure to enable and verify table auditing for multiple tables for which you want to get audit.
Obtain the Time Zone Value
To obtain the time zone value:
Log in to the ServiceNow console as an administrator.
Navigate to Self Service > My Profile.
Click your profile image, then click Profile.
Note the time zone value on the profile page.
Configure the ServiceNow Connector
ServiceNow offers software as a service (SaaS) for technical management support to help organizations manage digital workflows for enterprise operations. The ServiceNow cloud computing platform provides IT service management (ITSM) services to process customer service requests including incidents, problems, changes, and other services. For more information, see the ServiceNow Documentation.
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Event Types | Event Included |
|---|---|---|---|
sysevent table events | The event log records all system events that occur within the system. For example, login success, login failed, logout, attachment downloaded, and user impersonation events | ||
User management | sys_audit table events | User locked-out, unlocked, added, deleted, updated, activated, and deactivated | |
Password management | Password rest, password changed | ||
Resources management | Resource created, deleted, and updated | ||
User deletion | sys_audit_delete table | User deletion events | |
Resource deletion | sys_audit_delete table | Represents events related to deletion of resources in the system | |
User | User management | sys_user table | Represents user management events such as user profile edited, and settings changed |
Password history | History for the password field of the user | ||
Role management | sys_audit_role table | Represents changes to user roles | |
Transaction Log | Transaction log | syslog_transaction table | Represents transactions activities such as resource viewed |
Report View | Reports usage | Represents events related to reports usage such as report run | |
System Attachment | Attachment management | sys_attachment table | Represent activities related to attachments such as attachment uploaded |
To configure the ServiceNow connector to import data into the Exabeam Cloud Connectors platform:
Complete the Prerequisites to Configure the ServiceNow Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select ServiceNow from the list.
In the Accounts section, enter the required information. Required fields are indicated with red bar.
Account Name – Specify a name for the connector. For example, ServiceNow_customer_support.
(Optional) Description – Describe the ServiceNow connector. For example, Corporate service management system.
Hostname – Enter the domain name for the ServiceNow account. For example, myorg.servicenow.com.
Username – Enter the user name of ServiceNow administrator.
Password – Enter the password for the ServiceNow administrator.
Time-Zone – Enter the time zone value that you obtained while completing prerequisites. The Exabeam Cloud Connector platform uses this value while ingesting audit events from ServiceNow.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK.