Send host data to ServiceNow

[kswagler-rh]

Goal

As a Fleet user, I want to be able to use Fleet to create Service-Now tickets when a new vulnerability or Policy violation is detected.

Service-Now is a popular application for IT ticket tracking, Incident, and Vulnerability management. We could use it for tracking vulnerabilities in Incident tickets or in the Vulnerability Response Module or by creating a ticket when a condition is met.

How?

Implementation similar to the Jira and Zendesk integrations.

[lukeheath]

@kswagler-rh Thank you for the suggestion!

@noahtalerman I am assigning to you for product roadmap consideration.

[noahtalerman]

Thanks Luke!

I think this is a great issue to bring to the next Product office hours. This way, it can be weighed (prioritized or set aside).

@ksatter I'm assigning you for bringing the issue to the next Product office hours.

[ksatter]

@noahtalerman Thanks, Added to the agenda!

[noahtalerman]

Notify these folks when this issue makes it into a planned release or is de-prioritized:

• @ksatter

This improvement was prioritized (committed to release in the next 6 weeks) during 🗣 Product office hours on 2022-05-10.

[noahtalerman]

Hey @kswagler-rh heads up, this issue is being de-prioritized. Please tag @ksatter in a follow up message if you think the Fleet team should consider reprioritizing this.

The "Expansion of host vitals" epic (https://github.com/fleetdm/fleet/issues/397) will likely fill interface capacity for the next 6 weeks.

[noahtalerman]

@lukeheath about how much work do you think this would take? 2 engineers for an entire release? More?

I'm trying to get a better gauge when/if we decide to prioritize this in the future.

[lukeheath]

@noahtalerman We need to move the integration logic from the global configs to individual REST endpoints before adding more integrations. That will be the big chunk of work that could easily take two engineers a full release. We've been wanting to prioritize that for awhile, and with Frank joining it might be a good time.

Once that's done, adding new integrations will be much simpler and stable. We're probably looking at a total of 2 engineers for three dev weeks to refactor the integration logic and implement a new provider.

[noahtalerman]

Got it thanks!

[noahtalerman]

@nonpunctual when you get the chance, can you please check if there's a third-party that writes integrations w/ ServiceNow?

[nonpunctual]

From my former ServiceNow admin:

Hi Brock!

ServiceNow has a couple different connectors depending on what type of integration you are looking for and they are both created and supported by ServiceNow and not a third party.

What we setup here at S... is called the "Service Graph Connector" which is part of ServiceNow's ITOM package (it's basically an extension of ServiceNow Discovery). That is strictly used for bringing asset data in to populate the asset repository and CMDB. Very simple to setup.

There is also a a set of what they call integration "spokes" used for API integrations going from ServiceNow to Jamf. So if there were say some type of automation you wanted to facilitate through a ServiceNow workflow that automatically pushed something to a Jamf API, that is what you would want to leverage and it includes several pre-built integration packages supported by ServiceNow.

Access to both of these products is dependent on a customer's ServiceNow licensing.

Hopefully that helps!

[noahtalerman]

Thanks @nonpunctual. Sounds like we'd need to build some stuff (no third party). Some code to set config for a users's ServiceNow credentials and code to hit ServiceNow endpoints.

We discussed this at feature fest.

We decided not to work on drafts for this in the upcoming sprint (4.49)

Removing from feature fest.

[nonpunctual]

Yeah I maybe didn't have the whole picture. I still am going to see if I can contact someone at ServiceNow to build interest so they build the connector for us. I think this is something they should do, not us.