ServiceNow CMDB & Incident Integration

Sync your cryptographic assets to ServiceNow CMDB as Configuration Items and automatically create incidents when policy violations or compromised assets are detected. Bring crypto visibility into your enterprise ITSM workflow.

[Figure: ServiceNow CMDB showing crypto assets as Configuration Items with relationships to servers]


The ServiceNow integration operates in two modes:

  1. CMDB Sync — Push crypto assets (certificates, keys, algorithms) as Configuration Items with relationships to existing server and application CIs
  2. Incident Creation — Automatically create incidents for policy violations, compromised assets, or expired certificates

integrations:
  servicenow:
    instance: company.service-now.com
    username: cbom_integration
    password: "..."
    cmdb_sync:
      enabled: true
      ci_class: cmdb_ci_certificate
      sync_interval: daily
      relationship_type: "Runs on::Runs"
      attributes_map:
        name: asset_name
        serial_number: serial_number
        valid_from: not_valid_before
        valid_to: not_valid_after
        algorithm: algorithm
        key_size: key_size
        risk_level: quantum_risk
    incidents:
      enabled: true
      assignment_group: "Crypto Security"
      category: Security
      subcategory: Cryptography
      triggers:
        - event: policy_violation
          priority: 2
          short_description: "CBOM: Policy violation - {asset_name}"
        - event: compromised_asset
          priority: 1
          short_description: "CBOM: Compromised crypto asset - {asset_name}"
        - event: cert_expired
          priority: 2
          short_description: "CBOM: Certificate expired - {asset_name}"

Each crypto asset becomes a Configuration Item in ServiceNow:

| CBOM Field      | ServiceNow CI Attribute           |
|-----------------|-----------------------------------|
| Asset Name      | name                              |
| Asset Type      | ci_class (certificate, key, etc.) |
| Algorithm       | algorithm (custom attribute)      |
| Key Size        | key_size (custom attribute)       |
| Risk Level      | quantum_risk (custom attribute)   |
| Valid From      | valid_from                        |
| Valid To        | valid_to                          |
| Serial Number   | serial_number                     |
| Lifecycle State | operational_status                |
| Locations       | Relationships to server CIs       |

CBOM automatically creates CI relationships:

┌──────────────────┐         ┌──────────────────┐
│    Server CI     │◀───────▶│  Certificate CI  │
│   prod-web-01    │ Runs on │ api.example.com  │
└──────────────────┘         └──────────────────┘
│ Uses
┌──────────────────┐
│      Key CI      │
│   RSA-2048 key   │
└──────────────────┘

  • Initial sync — Full export of all CBOM assets to CMDB
  • Incremental sync — Only changed assets are updated (daily or on-demand)
  • Decommission — Assets removed from CBOM are marked as retired in CMDB
  • Conflict resolution — CBOM is the source of truth for crypto attributes
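
The sync rules above (initial, incremental, decommission, CBOM as source of truth for crypto attributes) can be expressed as a small change planner. This is an added example, not CBOM's own code; it assumes the keys of attributes_map are CI attributes, that serial_number is the match key, and that "retired" is the value written to operational_status. The asset and CI records are constructed.

```python
# Added illustration of the sync rules; not the product's implementation.
# Assumption: attributes_map keys are CI attributes, values are CBOM fields.
ATTRIBUTES_MAP = {
    "name": "asset_name", "serial_number": "serial_number",
    "valid_from": "not_valid_before", "valid_to": "not_valid_after",
    "algorithm": "algorithm", "key_size": "key_size",
    "risk_level": "quantum_risk",
}

def to_ci(asset):
    """Project one CBOM asset onto the mapped CI attributes only."""
    return {ci: asset.get(field) for ci, field in ATTRIBUTES_MAP.items()}

def plan_sync(cbom_assets, cmdb_cis):
    """Return (creates, updates, retires); dicts are keyed by serial_number."""
    wanted = {a["serial_number"]: to_ci(a) for a in cbom_assets}
    creates, updates, retires = {}, {}, []
    for serial, ci in wanted.items():
        current = cmdb_cis.get(serial)
        if current is None:
            creates[serial] = ci              # asset not yet in the CMDB
            continue
        # Incremental sync: send only mapped attributes that differ. CBOM wins
        # for these; unmapped CMDB fields (e.g. owner) are never overwritten.
        delta = {k: v for k, v in ci.items() if current.get(k) != v}
        if delta:
            updates[serial] = delta
    for serial, current in cmdb_cis.items():
        # Decommission: mark as retired instead of deleting, so history
        # and relationships to server CIs stay auditable.
        if serial not in wanted and current.get("operational_status") != "retired":
            retires.append(serial)
    return creates, updates, sorted(retires)

# Constructed sample data (serials, names and the owner field are made up).
CBOM = [
    {"asset_name": "api.example.com", "serial_number": "01", "algorithm": "RSA",
     "key_size": 2048, "quantum_risk": "CRITICAL",
     "not_valid_before": "2024-01-01", "not_valid_after": "2025-01-01"},
    {"asset_name": "new.example.com", "serial_number": "02", "algorithm": "RSA",
     "key_size": 2048, "quantum_risk": "CRITICAL",
     "not_valid_before": "2024-06-01", "not_valid_after": "2025-06-01"},
]
CMDB = {
    "01": dict(to_ci(CBOM[0]), risk_level="HIGH", owner="web-team"),
    "03": {"name": "old.example.com", "serial_number": "03",
           "operational_status": "operational"},
}

if __name__ == "__main__":
    print(plan_sync(CBOM, CMDB))
```

Sending only the changed mapped attributes keeps the integration account from overwriting fields it does not own.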

| Field             | Value                                            |
|-------------------|--------------------------------------------------|
| Short Description | CBOM: Policy violation — payment-gateway RSA key |
| Category          | Security                                         |
| Subcategory       | Cryptography                                     |
| Priority          | 2 - High                                         |
| Assignment Group  | Crypto Security                                  |
| Description       | (full details below)                             |

Cryptographic policy violation detected by CBOM.

Asset: payment-gateway RSA-2048 signing key
Policy: NIST Post-Quantum Cryptography Compliance
Violation: RSA-2048 is quantum-vulnerable (Shor's algorithm)
Risk Level: CRITICAL

Remediation:
1. Generate ML-DSA-65 replacement key
2. Update payment-gateway configuration
3. Rotate dependent certificates
4. Deactivate old key in CBOM

CBOM Link: https://cbom.company.com/assets/abc123

┌──────────┐    ┌──────────┐    ┌──────────────┐    ┌──────────┐
│   CBOM   │───▶│ Incident │───▶│  Assignment  │───▶│ Resolved │
│ Detects  │    │ Created  │    │    & Work    │    │ & Closed │
└──────────┘    └──────────┘    └──────────────┘    └──────────┘
┌──────────┐
│   CBOM   │
│ Updated  │
└──────────┘

When an incident is resolved in ServiceNow, CBOM can automatically:

  • Update the asset’s lifecycle state
  • Mark the violation as remediated
  • Close related alerts in other integrations (Slack, Teams)

  • Enterprise ITSM integration — Crypto management fits into your existing ServiceNow workflows
  • CMDB accuracy — Ensure your CMDB reflects the actual cryptographic landscape
  • Incident workflow — Leverage ServiceNow’s assignment, escalation, and SLA capabilities
  • Compliance reporting — ServiceNow reports include crypto asset health
  • Change management — Link crypto changes to ServiceNow change requests