Connect ServiceNow to Anzenna
Integrate Anzenna with ServiceNow to create automated tickets for security issues, track incident management, and streamline security operations.
Prerequisites
- ServiceNow administrator access
- Anzenna account
ServiceNow instance (not Personal Developer Instance)
- OAuth application creation permissions
Overview
The integration enables:
Automated ticket creation from security events
- Incident tracking and management
- Service catalog integration
- Security issue workflow automation
- ITSM and security operations alignment
Step-by-Step Instructions
Part 1: Initial Setup in Anzenna
Sign into Anzenna at
app.anzenna.ai
Navigate to Settings > Integrations
Select Connect Apps
Click Connect to ServiceNow
Part 2: Create OAuth Application in ServiceNow
Log into your ServiceNow instance as administrator
Navigate to System OAuth > Application Registry
Click New to create a new OAuth API endpoint
Select Create an OAuth API endpoint for external clients
Part 3: Configure OAuth Application
Enter application details:
- Name:
Anzenna Client ID: (auto-generated, note this value)
- Name:
Set Access Token Lifespan to:
259200000
This sets expiry to approximately 3000 days (~8 years), avoiding repeated credential requests and maintenance overhead.
Under Redirect URL, leave default or enter Anzenna's callback URL if provided
Click Submit to create the application
Part 4: Retrieve OAuth Credentials
After creation, locate your new OAuth application
- Copy the Client ID
Copy the Client Secret (click to reveal if hidden)
Store both Client ID and Secret securely. You'll need them for authentication.
Part 5: Generate Access Token
Open a terminal or command prompt
Execute the following curl command (replace placeholders with your values):
curl --request POST \ --url 'https://<instance_name>.service-now.com/oauth_token.do' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data 'grant_type=password' \ --data 'client_id=YOUR_CLIENT_ID' \ --data 'client_secret=YOUR_CLIENT_SECRET' \ --data 'username=YOUR_SERVICENOW_USERNAME' \ --data 'password=YOUR_SERVICENOW_PASSWORD'
Copy the access_token from the JSON response
Response format:
{
"access_token": "YOUR_ACCESS_TOKEN_HERE",
"refresh_token": "...",
"scope": "...",
"token_type": "Bearer",
"expires_in": 259200000
}
Part 6: Complete Connection in Anzenna
Return to Anzenna connection interface
Enter your ServiceNow instance base URL:
https://<instance_name>.service-now.com/
Include the trailing slash. Format: https://your-instance.service-now.com/
Paste the access token in the designated field
Click Save credentials
Part 7: Configure Service Catalogs
Choose service catalogs to sync with Anzenna — select catalogs relevant to security operations
Select catalog items to include — focus on security-related items and incident types
Click Save or Finalize configuration
Verify integration shows as Connected
Verification
Check integration status shows Connected
- Test ticket creation from Anzenna
- Verify tickets appear in ServiceNow
- Check bidirectional sync is working
- Review catalog item sync
What Data is Collected
Incident Data
- Incident numbers and IDs
- Status and priority
- Assignment information
- Resolution notes
- Timeline of changes
Service Catalog
- Available service items
- Catalog categories
- Request templates
- Approval workflows
User Information
- User assignments
- Group memberships
- Role information
- Contact details
Configuration Items (CIs)
- Asset relationships
- Configuration data
- Service dependencies
Integration Capabilities
Automated Ticket Creation
Anzenna can automatically create ServiceNow tickets for:
- Security policy violations
- Data exfiltration attempts
- Suspicious user activity
- Compliance violations
- Threat detections
Ticket Updates
Bidirectional sync supports:
- Status updates
- Assignment changes
- Priority modifications
- Resolution notes
- Comment additions
Workflow Automation
Route security incidents to appropriate teams
- Escalate based on severity
- Track investigation progress
- Document remediation steps
Troubleshooting
OAuth Token Generation Fails
- Verify Client ID and Secret are correct
- Check username and password are accurate
- Ensure user has OAuth access permissions
- Confirm instance URL is correct
- Review ServiceNow OAuth settings
Connection Fails in Anzenna
- Verify access token was copied completely
Check instance URL format (include trailing slash)
Ensure token hasn't expired (check lifespan)
- Confirm network connectivity to ServiceNow
- Review ServiceNow security policies
No Tickets Creating
Verify OAuth application has necessary scopes
Check user permissions for incident creation
Ensure catalog items are properly configured
- Review ServiceNow audit logs
- Test manual ticket creation in ServiceNow
Token Expires
- Regenerate token using curl command
- Update in Anzenna immediately
- Consider longer token lifespan
- Set calendar reminder before expiration
Security Considerations
OAuth 2.0 - Secure password grant flow
Long-lived tokens - Reduce maintenance overhead
Scoped access - Limited to necessary operations
Audit logging - All API calls logged in ServiceNow
Credential rotation - Plan for token refresh
Best Practices
Use service account — Dedicated account for integration
Long token lifespan — Set to maximum allowed
Document credentials — Store securely with access instructions
Test thoroughly — Verify ticket creation before production
Monitor initially — Watch for errors in first week
Define workflows — Clear processes for security incidents
Regular audits — Review integration quarterly
Integration Maintenance
Regular Checks
Perform monthly:
- Verify connection active
- Test ticket creation
- Review sync accuracy
- Check token expiration
Token Renewal
- Generate new access token
- Update in Anzenna
- Test connection
- Verify ticket creation works
ServiceNow Updates
- Test OAuth connectivity after upgrades
- Verify API compatibility
- Check for new features
- Update documentation
OAuth Scopes Required
The integration needs:
useraccount — User authentication
incident.read — Read incidents
incident.write — Create/update incidents
catalog.read — Read service catalogs
Scopes are typically granted automatically with OAuth app creation.
ServiceNow Instance Requirements
Production or non-PDI instance — Personal Developer Instances not supported
OAuth enabled — OAuth must be activated
API access — REST API must be accessible
User permissions — Admin or appropriate roles
Related Resources
Need help? Contact
Anzenna Support
for assistance.