Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Create a Security Operations enrichment data map

Log in to subscribe to topics and get notified when content changes.

Create a Security Operations enrichment data map

Transform data from JSON, XML, or Properties file format to ServiceNow records using enrichment data maps.

Before you begin

Role required: sn_sec_cmn.write

About this task

Existing enrichment data maps are used by workflows provided within Security Operations. You can view the list under Enrichment Data Mapping. To use a map, you need a trigger, either a business rule or workflow.


  1. Navigate to Security Operations > Utilities > Enrichment Data Mapping.
  2. Click New.
  3. Fill in the fields, as appropriate.
    Table 1. Creating an enrichment data map
    Field Description
    Name Name of this enrichment data map.
    Description Description of the data map.
    Input format Choose a format from the list:
    • JSON (default)
    • XML
    • Properties File format
    Prefix key Use to limit the input data set to a specified key. The root of the input data set is set to this key. In this example, if you entered file_info, then the input values would be limited to those values within file_info.
    <?xml version="1.0" encoding="UTF-8"?>
    Target table Choose a table from the list.
    Active When checked, this mapping is available for use.
  4. Click Submit.
    The Enrichment Data Mapping Fields tab appears.
  5. Click New.
  6. Fill in the fields on the form, as appropriate.
    Table 2. Enrichment data mapping fields
    Field Description
    Mapping Name of the enrichment data map.
    Target table The table the fields to map come from.
    Transform type Choose from the list:
    • Populate target field with field value
    • Populate target field with static value
    • Populate target field with static value plus field value
    • Field is an array or object (raw data nesting)

    Each choice has different entries. Target field values, and arrays, or objects require a Property key.

    Property key Determines the key for the input data search and the value written to the target field.
    Target field Choose the field to write to from the list.
    Target Mapping Used with the Field is an array or an object (raw data nesting) transform type. Choose an existing mapping or create another mapping. This target map becomes a child of the current map.
  7. Click Submit.
    The following is an example of an enrichment data map.
    Enrichment Data Mapping example