ServiceNow Incident Integration - Recommended Webhook Syntax

Detailed guidance on how to customize the payload template when setting up Incident creation integrations with ServiceNow using Webhooks

Written by Kurt Brown

We recommend you use the following approach to simplify the process of creating Incidents within ServiceNow. Use the template below as the basis for all notification types, modifying it as described.

Payload Template

{
  "correlation_id":"",
  "correlation_display":"UpGuard",
  "short_description": "",
  "description": "<Change as per table below>",
  "impact":"<Use 1 Digit - 1=High, 2=Medium, 3=Low>",
  "urgency":"<Use 1 Digit - 1=High, 2=Medium, 3=Low>",
  "caller_id":"<Change to the name of API User>",
  "assignment_group":"<Change to the name of group>",
  "assigned_to":"<Change to the name of Person>"
}

Syntax Highlights

  • The message must be valid JSON: a comma-delimited series of field name/field value pairs surrounded by curly brackets { }

  • The field names (such as correlation_id, short_description) must be enclosed in double quotes and must match ServiceNow column names

  • The field values may either be hardcoded values or interpreted fields that extract data from UpGuard, and must be enclosed in double quotes

  • The use of double left curly braces . You may include two or more UpGuard data elements within one ServiceNow field such as " - "

Remember to

  • Replace the contents of the impact field with either 1, 2 or 3 according to your classification of the issue

  • Replace the contents of the urgency field with either 1, 2 or 3 according to your classification of the issue

  • ServiceNow will calculate the Priority of the Incident based on the values of Impact and Urgency - see this article for full details

  • Field values beginning with < and ending with > need to be customized. Remove the < and > and replace inside the double quotes as described below.

  • Replace the contents of the caller_id field with the name of the User you established to give UpGuard API permissions (remove the < and > from the field value).

  • Replace the contents of the assignment_group field with the name of the Group established within ServiceNow (remove the < and > from the field value).

  • Replace the contents of the assigned_to field with the name of the User you want to allocate the Incident to (remove the < and > from the field value). Delete this entire line if you wish to leave this field empty; if you do, make sure the last remaining field is not followed by a comma, because JSON does not allow a trailing comma.

  • Replace the contents of the description field based on the suggested syntax below (remove the < and > from the field value)
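The checks from the two lists above can be run against a customized template before it is saved. This is an added example, not part of the original article or UpGuard's or ServiceNow's own code; the function name, the sample values and the choice to treat every field except assigned_to as required are assumptions.

```python
import json

# Field names come from the payload template; assigned_to may be deleted.
# Treating every other field as required is an assumption of this example.
REQUIRED = ("correlation_id", "correlation_display", "short_description",
            "description", "impact", "urgency", "caller_id", "assignment_group")
LEVELS = {"1", "2", "3"}  # 1=High, 2=Medium, 3=Low


def check_payload(text):
    """Return the problems found in a customized template (empty list if none)."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        # Missing quotes/commas, or a comma left after deleting assigned_to.
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(payload, dict):
        return ["payload must be one JSON object in curly brackets"]
    problems = [f"{n}: field is missing" for n in REQUIRED if n not in payload]
    for name, value in payload.items():
        if not isinstance(value, str):
            problems.append(f"{name}: value must be enclosed in double quotes")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{name}: placeholder has not been replaced")
        elif name in ("impact", "urgency") and value not in LEVELS:
            problems.append(f"{name}: must be 1, 2 or 3")
    return problems


# Constructed samples: the names and text values below are made up.
GOOD = """{
  "correlation_id": "",
  "correlation_display": "UpGuard",
  "short_description": "Constructed sample summary",
  "description": "Domains and/or IPs have been removed:",
  "impact": "2",
  "urgency": "3",
  "caller_id": "upguard.api",
  "assignment_group": "Security Operations"
}"""
# assigned_to deleted, but the comma before it was left behind.
DANGLING_COMMA = GOOD.replace('"Security Operations"', '"Security Operations",')
# Unquoted impact, out-of-range urgency, caller_id still a placeholder.
UNEDITED = (GOOD.replace('"2"', "2").replace('"3"', '"4"')
            .replace('"upguard.api"', '"<Change to the name of API User>"'))

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("comma", DANGLING_COMMA), ("unedited", UNEDITED)):
        print(label, check_payload(sample))
```

The check runs on the template text itself, so any UpGuard data elements placed inside the quoted values are treated as ordinary string content.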

Description Templates


| Area | Type | Template |
|---|---|---|
| BreachSight - Data Leaks | Data leak published | UpGuard has detected a new Data Leak - at . See more details at |
| BreachSight - Risks & Scoring | Domain/IP removed | Domains and/or IPs have been removed: |
| BreachSight - Identity Breaches | Identity breach detected | UpGuard has detected a new Identity Breach - at . See more details at |
| BreachSight - Identity Breaches | Identity breach for VIP detected | UpGuard has detected a new VIP Identity Breach - at . See more details at |
| BreachSight - Risks & Scoring | New domain or IP detected | New domains and/or IPs have been detected: |
| BreachSight - Typosquatting | Registration changed on typosquatting domain | , a permutation of , have changed.\r\nA Records\r\nNS Records\r\nMX Records |
| BreachSight - Typosquatting | Typosquatting domain registered | , a permutation of , has been registered.\r\nA Records\r\nNS Records\r\nMX Records |

See Also

To continue building integrations, read these articles next: