connectors icon indicating copy to clipboard operation
connectors copied to clipboard
verified publisher icon OpenCTI-Platform

[ServiceNow] Create the connector

Open Jipegien opened this issue 2 years ago • 2 comments

Use case

Create a stream connector for ServiceNow for syncing Cases.

NB: We are waiting for API access and more precise use case to begin working on it

Jipegien avatar Sep 04 '23 11:09 Jipegien

Talked to a member of our community needed that, here are requirements:

  • Assets with linked software / vulnerabilities from ServiceNow to OpenCTI
  • Be able to find a way to get alerted in ServicesNow when a vulnerability is targeted by a Threat Actor and is linked to an asset coming from ServiceNow

For vulnerability management, kind of decision tree:

  • Is this vulnerability has a CVSS score greater than XX
  • Is this vulnerability exploited by threat actors?
  • Is this vulnerability has exploit code (public / not public)?

=> Send alerts / open cases / adjust the severity and priority based on the decision tree.

SamuelHassine avatar Nov 29 '23 22:11 SamuelHassine

  1. Can there be "fetching" integration with SIR workspace, to get "specific" incidents and all its IOCs.
  2. In other case, any ticket in workspace which have IOCs can be enriched using octi?

vinayakcyber avatar Jul 29 '24 19:07 vinayakcyber