Effective August 18, 2023, the integration between ServiceNow and Nebula has reached its End of Maintenance (EOM). While the integration remains available for use, we would like to inform you that it will no longer receive updates. We encourage you to exercise caution when using this integration, as any use will be at your own risk. We are committed to providing ongoing support for common product usage questions and access to our online articles.
The app for ServiceNow integrates with Nebula to schedule endpoint scans and gather threat event information. This article describes the install and configuration process for the integration.
Install the app for ServiceNow
Before you begin the installation process, verify the Security Incident Response plugin is installed and active on your ServiceNow instance.
- Open the ServiceNow Store and click the Malwarebytes Integration for Security Operations tile.
- Click the Get button on the right side of the screen then enter your HI credentials.
- After installation completes, confirm the app is installed.
- Log into ServiceNow.
- In the search box, enter "system app".
- Click on System Applications - Applications.
- Click on Downloads.
- Confirm Malwarebytes - Security Incident Response appears in the Downloads page.
Configure the app
- In the Filter navigator search box, enter "integration".
- Click on Security Operations - Integration Configuration.
- On the Malwarebytes tile, click Configuration and Support.
- In the configuration window:
- Check the Enabled box.
-
Malwarebytes API Credentials
- To get your Cloud Console Account Id:
- Log in to Nebula.
- In the address bar of your browser, copy your Cloud Console Account Id. This is the string of alphanumeric characters and dashes found in your logged-in Nebula console URL between "malwarebytes.com/" and "/dashboard".
- In ServiceNow, paste the copied characters into the Cloud Console Account Id field.
- To get your Cloud Console Client Id and Cloud Console Client Secret:
- Click this Nebula link.
- Click Add, then provide the Application name and select the required access, then Save.
- Copy the generated Client Id.
- In ServiceNow, paste the Client Id in the Cloud Console Client Id field.
- Return to Nebula, copy the generated Client Secret.
- In ServiceNow, paste the Client Secret in the Cloud Console Client Secret field.
- To get your Cloud Console Account Id:
-
Admin Credentials
- In the Adminuser field, enter your ServiceNow username.
- In the Adminpass field, enter your ServiceNow password.
-
Ticket Creation for Detections
- Check Enabled for ticket created on detections.
- Choose your Ticket Type Detections.
- For Detection Category click the drop down and select detection types for ticket creation.
-
Ticket Creation for Suspicious Activity
- Check mark Suspicious Activities Ticket Creation to enable.
- Choose your Ticket Type Suspicious Activities.
- In the Suspicious Activity Level, click the drop down and select a severity level for ticket creation.
-
Inactive Endpoints
- Click the Mark endpoints as Inactive after drop down and select a time frame for endpoints to be marked as inactive.
- Click on Submit.
Return to the Nebula Integration with ServiceNow guide.