Skip to main content

Integrate ServiceNow with bidirectional sync (Northstar)

The Contrast bidirectional sync with the ServiceNow integration enables ServiceNow users to ingest Contrast incident data, observables, and related vulnerabilities into a centralized incident management workspace. This lets you consolidate Contrast incidents with incidents from other SecOps tooling, such as firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), and vulnerability management solutions, while maintaining your existing workflows in ServiceNow.

This integration provides full-featured bidirectional synchronization with ServiceNow. As an administrator, you control which incidents are sent from Contrast. The integration automatically enriches the created ServiceNow incidents with detailed technical observables. It also enables two-way synchronization of incident statuses and comments, so updates on either platform are reflected in the other, creating a unified workflow for incident response.

How it works

This integration offers bidirectional synchronization of incident data between Contrast and ServiceNow. You can enable or disable this functionality globally in the integration settings.

When an incident is closed or updated in ServiceNow, the following information syncs back to Contrast:

  • Status updates: When a ServiceNow incident state changes to Closed, Contrast automatically updates the corresponding incident status

  • Close code and reason: Use, for example, Resolved, False Positive, or Duplicate

  • Close notes: A summary of the final resolution

  • Comments: Work notes or comments added to a ServiceNow incident are automatically synced and appended to the incident's activity feed in Contrast

Before you begin

Ensure you have the following information:

  • ServiceNow instance URL: The full URL of your organization's ServiceNow instance

  • ServiceNow admin role: A ServiceNow administration role, such as security_admin, is required to install the Contrast application

  • Activated ServiceNow plugins: Confirm required plugins are active in ServiceNow. See Configure in ServiceNow for details.

  • Go to User menu > User settings and copy each credential from your Organization ID, API key, and Authorization header. The Authorization header is required so ServiceNow can authenticate to Contrast for bidirectional sync.

  • Least privilege service account: Recommended. Set up a least privilege service account for guidance on creating an API-only user with the minimum required permissions.

Configure in Contrast and ServiceNow

  1. Set up the integration in Contrast first.

  2. After configuring in Contrast, complete the setup in ServiceNow.

In this section: