The Bitsight for IT Service Management integration is certified by ServiceNow and is available in the ServiceNow App Store.
Summary
The integration between ServiceNow’s IT Service Management (ITSM) module and Bitsight enables organizations to seamlessly manage cybersecurity findings within their existing ITSM workflows. Delivered as an out-of-the-box application from the ServiceNow Store, the solution connects Bitsight Security Performance Management with ITSM to streamline incident creation, tracking, and remediation.
Configuration begins by applying a Bitsight API token, typically tied to a service account. Users can choose which entity in their ratings tree to monitor, set thresholds for severity levels, asset importance, or grades, and select specific risk vectors relevant to their organization. Flexible options allow incidents to be automatically assigned to designated users or groups, while remediation statuses in Bitsight can be mapped directly to ServiceNow states. Historical findings, such as from the past 30 days, can also be imported during setup.
Once active, the integration creates detailed incidents in ServiceNow with fields like severity, grade, asset, and priority, alongside contextual links back to the Bitsight portal. Findings can also be tied to CMDB configuration items for better context. A dynamic dashboard provides visibility into findings by category, severity, asset importance, grade, and risk factor, with drill-down capabilities to focus on specific trends or issues.
Demo
A short video demo of the ITSM integration can be seen in Bitsight Academy.
Requirements
- Bitsight Security Ratings SPM App
- A supported version of ServiceNow.
- The Bitsight for IT Service Management solution.
- The Incident plugin, which provides the base functionality for incident management. It is included with the ServiceNow IT Service Management (ITSM) package.
  - If you have an ITSM package already in your instance, you do not need to install the plugin separately.
  - If you do not have an ITSM package, you will be asked to install the Incident plugin when installing Bitsight for IT Service Management.
- Bitsight for Security Performance Management Connector, which includes Bitsight for IT Service Management. This is automatically installed during the installation of dependent applications and all configurations are done through the dependent application; it does not require installation or configuration by the user.
- Required system table permissions:
  - sys_import_set_row
Download and Installation
- Download and install the application, available in the ServiceNow App Store.
- Assign a ServiceNow Admin role (itsm_app_admin) to a user.
- As a ServiceNow Admin, navigate to the Bitsight for ITSM Application Configuration module and set the following configurations:
  - Section 1:
    - Set the API Token to the Bitsight API token. Select the Validate Token button to check if the API token is set correctly.
    - Select the organization you would like to receive findings details for. Relationships are structured as a parent company and a subsidiary company (child). Subsidiaries are companies that are within the hierarchy of an organization. They are depicted in an organization’s Ratings Tree in the Bitsight platform.
  - Section 2:
    - Configure the finding severity to filter the finding details.
    - Configure the asset importance to filter the finding details.
    - Configure the risk vector to filter by particular risk vectors.
    - Configure the Incident Assignment to assign the incident tickets to a group or user. If set, this should point to the users who will handle the incidents.
    - Configure the caller field to set the Caller field in incident tickets. This is required because Caller is a mandatory field. It can be a web-only user. All incidents will have this user as the caller.
    - Configure the mapping of the incident status to the Bitsight Remediation Status to enable the synchronization of status from ServiceNow to Bitsight.
    - Define the number of days back of findings data that the integration should pull.
- As a ServiceNow Admin, navigate to the Data Import Job Schedule [Bitsight for ITSM ➔ Data Import Job Schedules] and set the import time as desired.
The first run will import Bitsight findings into the incident table. If configured, an incident for any findings will be created for resolution.
To test immediately, execute the import scripts as ServiceNow admin. This should import the findings immediately into the system.
Non-Admin users of this application need to be assigned the User (itsm_app_user) role. All such users also need to have the itil role to be able to access the incidents. This can be done either by assigning the itil role directly to the user or by editing the User role to include the itil role.
- September 25, 2025: Updated content and links