Integrate Service-Now with Wazuh

[Gavi sunkad]

Hi team

I want to send alert from Wazuh and want to create tickets in Service-Now. 

Could you please share me the steps to integrate Service-Now with Wazuh...

Thanks in advance!

[hasitha.u...@wazuh.com]

Hi Gavi,

While we don’t currently offer an official guide for integrating Wazuh with ServiceNow, you can refer to our existing integration guides for Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse to get a better understanding of the process.

To set up an integration, include the following configuration within the <ossec_config> section of the /var/ossec/etc/ossec.conf file on your Wazuh server:

1. <integration>
2.   <name></name>
3.   <hook_url></hook_url> <!-- Required for Slack, Shuffle, and Maltiverse -->
4.   <api_key></api_key>   <!-- Required for PagerDuty, VirusTotal, and Maltiverse -->
5.   <alert_format>json</alert_format> <!-- Required for Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse -->
6.   <level>12</level>
7. </integration>

After updating the configuration, restart the Wazuh manager using this command: systemctl restart wazuh-manager

For more details on optional filters, you can explore this link.

Next, you’ll need to create a custom script to forward alerts to ServiceNow. You can find additional guidance on crafting a custom script here:

• Custom Integration
• Creating an Integration Script

Once your script is ready (e.g., custom-servicenow.py), assign the appropriate permissions. For example: chmod 750 /var/ossec/integrations/custom-servicenow.py
chown root:wazuh /var/ossec/integrations/custom-servicenow.py

Finally, restart the Wazuh manager again to apply the changes: systemctl restart wazuh-manager

Feel free to reach out if you need more help with this process! Regards, Hasitha Upekshitha