Best practices for writing integrations

These best practices will help you avoid some of the pitfalls you may encounter when writing your own integrations.

Use ServiceNow platform functionality whenever possible

For the most part, the integration capabilities built into Security Operations applications (Security Incident Response, Threat Intelligence, and Vulnerability Response) are intended to enhance or streamline existing ServiceNow platform integration functionality. When writing integrations, always make sure to leverage platform functionality when it exists. Here are some common ServiceNow functionalities that should be used rather than “rolling-your-own.”

  • Outbound web services – for most interactions with third-party systems, communication will be through web services. In those cases, utilize platform outbound web services (REST and SOAP are supported).

A data sources/import sets/transform map – for processing data and inserting into ServiceNow tables, the preferred mechanism is to use data sources and associated components.

Use Security Operations integration frameworks whenever possible

Because Security Operations integration mechanisms have solved many common problems, it is not necessary to re-implement basic functionalities for every integration. For example, the vulnerability data and threat source frameworks provide support for handling multiple pages and passing that data to data sources/transforms/import sets. Similarly, the threat scanner framework provides configurable rate limiting functionality. As a rule, when implementing a feature or set of features, check to see if the existing Security Operations integration framework covers your use case and if so, make use of that framework.

Extend the existing Security Operations integration frameworks as needed

Most of the tables and scripts used by Security Operations integration frameworks were intended to be extended to suite future needs. If a use case is encountered while you are writing an integration, extend whatever integration table or script to better suit that use case.

Provide feedback to ServiceNow for issues encountered during integration

As an integration is being developed or tested, be sure to provide feedback when issues are encountered. Even if a workaround is required, ServiceNow support personnel may be able to provide an improvement in future releases that could alleviate the issue for future integrations.

Test under reasonable load

A common issue with integrations is that they are not equipped to handle realistic loads. Because each integration will be a scoped application, there are additional limitations imposed by the platform to ensure system stability. This could result in long running jobs or API calls being terminated. Ensure that long running processes or processes that process lots of data are handled gracefully – often by reducing the time each call or process takes (usually by providing a means of paginating API requests or chunking large sets of data).