- October 25, 2021: Separated Testing the Configuration section to its own page.
- November 11, 2019: Published.
This guide provides instructions for integrating the Bitsight Security Ratings Platform and the Bitsight for Security Incident Response application by ServiceNow.
Requirements
- ServiceNow (Tokyo, San Diego, or Rome)
- Bitsight for Security Incident Response
- System permission:
Sys_import_set_row - Bitsight Security Ratings
Instructions
- Go to the Bitsight platform and retrieve your Bitsight API token.
Please use a Company API token. They prevent existing integrations from breaking if certain user accounts are deleted.
- In the Bitsight for Security Incident Response application, assign a “x_bisit_secops_int.bitsight_secops_admin” role to a user.
- As an admin user, go to the Application Configuration module.
- Enter your Bitsight API token to the “API Token” field.
- Check if the API token is set correctly by selecting the Test API Connection button. See testing the configuration.
- Select the Company GUID button to automatically populate your company’s unique identifier.
- Configure the max age of observations to import from the Bitsight platform. This is also for triggering security incidents and tasks.
- Configure whether security incidents are to be created from observations.
- Configure whether Bitsight Secops Tasks are to be created from observations.
- Configure the max retention age of observations. Leave as “0” to prevent cleanup.
- Go to the “Observations Import Schedules” page.
- Open Bitsight Observations Import record.
- Set the import time as desired (recommended daily).
- Set the correct “Run As” user (existing active user with x_bisit_secops_int.bitsight_secops_admin role).
Leaving this blank will result in a failure during the creation of Security Incidents from Business rules.