ServiceNow Integration

XGEN SOAR Integration

SOAR and IT ticketing systems have some superficial similarities—they both intake alerts and assign them to personnel for handling—but their capabilities and the ways they are used are both largely distinct. D3’s integrations with ServiceNow’s ITSM module enable SOC and IT teams to leverage both solutions for collaboration, escalation, and orchestration of important security tasks.
ServiceNow Integration

Download Integration Guide

Integration features

Escalate ServiceNow tickets to D3 for automation-powered investigation and response
Create ServiceNow tickets from D3 to schedule IT-related security tasks
Bidirectional integration to update the status of tickets and incidents and related information
Trigger D3 actions from ServiceNow via D3’s RESTful API

Key Use Case

ServiceNow Integration

#1: Ticket Escalation

In order to enable stronger security processes without completely reconfiguring their IT infrastructure, ServiceNow users can escalate tickets to create incidents in D3 when the ticket requires investigation by the SOC team. D3 can ingest ticket information including the assignee, description, priority, and comments, which might include threat intelligence that was added in ServiceNow. ServiceNow has its own script-running platforms, which allow it to trigger actions via D3’s RESTful API.
ServiceNow Integration

#2: Inter-Team Orchestration

In organizations where the IT team uses ServiceNow and the SOC team uses D3, D3 can send tickets to ServiceNow to assign IT-related security tasks. These might include blocking an IP, quarantining an endpoint, scheduling a patch, or scheduling a vulnerability scan. The D3 user can set the fields they wish to populate in the ServiceNow ticket, such as the ticket number, priority, IP address, endpoint info, and the assigned user or team. The integration is bidirectional, allowing ServiceNow users to update the incident in D3, such as resolving the incident when the ticket is closed.
X ServiceNow Integration