Configure in ServiceNow
After configuring Contrast, complete the setup in ServiceNow to establish the connection and enable event processing.
Before you begin
Before installing the Contrast application in ServiceNow, confirm the following plugins are active in your ServiceNow instance. To check, go to System Definition > Plugins in your ServiceNow admin console.
| Plugin | Purpose |
|---|---|
| Security Incident Response ( | Core plugin that enables the Security Incident Management module. Required for Contrast to create and update security incidents. |
| Security Support Common ( | Provides shared data models and utilities used across ServiceNow security applications. |
| CMDB ( | Enables the configuration management database. Required for application inventory lookup and observable enrichment. |
Steps
Install the Contrast application:
Log in to your ServiceNow instance as a user with the security_admin role.
Go to System Applications > All Available Applications > All.
Search for Contrast Security and select the Contrast Security for ServiceNow application.
Select Install and follow the on-screen prompts to complete installation.
Configure the Contrast connection in ServiceNow:
After installation, configure the connection so ServiceNow can communicate with the Contrast API.
In your ServiceNow instance, go to Contrast Security > Configuration.
In the Contrast URL field, enter the base URL for your Contrast instance (for example, https://app.contrastsecurity.com).
In the Organization ID field, enter the Organization ID you copied from Contrast.
In the API key field, enter the API key you copied from Contrast.
In the Authorization header field, enter the Authorization header value you copied from Contrast. This credential authenticates ServiceNow to the Contrast API for bidirectional communication.
Select Test connection to verify the credentials are valid.
Select Save.
Configure bidirectional sync rules:
By default, the integration sends Contrast incidents to ServiceNow when they are created or updated. To enable the return path so ServiceNow pushes status changes and comments back to Contrast, configure the following in ServiceNow.
Go to Contrast Security > Sync Settings.
Enable the Bidirectional sync toggle.
Under Close code mapping, review the default mappings between ServiceNow close codes and Contrast status values. The following default mappings apply:
| ServiceNow close code | Contrast status |
|---|---|
| Solved (Permanently) | Remediated |
| Solved (Work Around) | Remediated |
| Not Solved (Not Reproducible) | Suspicious |
| Closed/Resolved by Caller | Remediated |
| False Positive | False Positive |
| Duplicate | Duplicate |
Adjust the mappings if needed to match your organization's workflow, then select Save.
Note
Close code mappings determine how ServiceNow resolution values translate into Contrast incident statuses. Confirm these mappings with your security team before going live.
View incidents in ServiceNow:
Once the integration is active, Contrast incidents appear in ServiceNow under Security Incident Response > Security Incidents. Each incident is enriched with observables from Contrast, including application name, vulnerability type, attack details, and the originating IP address.
To navigate directly from a Contrast incident to the corresponding ServiceNow record, select View in ServiceNow from the incident detail view in Contrast. This action is available once the integration is active and the incident has been synced.
While creating or editing the API-only user, assign roles scoped to your organization's resource groups.
Select the Incident management role from the role dropdown.
If you use application groups, ensure the service account is a member of the groups containing the relevant applications.
Select Save.
Retrieve API credentials for the service account:
After creating the service account, retrieve the API credentials needed to configure ServiceNow.
In Northstar, go to Administration > Access control and search for the email address you assigned to the service account.
Select the cloud icon next to the user. A Copy API credentials screen appears.
Copy the Authorization header from this screen.
Go to Administration > Organization to view and copy the API key for your organization.
Use both values when configuring the Contrast connection in ServiceNow.