Security Operations integrations Several integrations are included with the Security Operations applications (Security Incident Response, Threat Intelligence, and Vulnerability Response). This section provides instructions for activating the plugins and configuring both ServiceNow and third-party integrations. Also included are some basic guidelines for developing your own integrations, as well as details on specific integrations included in the base system. You can filter which integrations to see using the Category drop-down menu. ServiceNow Security Operations integration development guidelinesThe Now Platform provides several mechanisms for developing integrations with external systems. The ServiceNow Security Operations product suite adds integration capabilities intended to streamline the process of integrating with security-focused external systems. Integration capabilitiesThe Integration Capabilities framework provides a consistent architecture to support interoperability with third-party integrations. This abstracted interface and data model insulates integrations from changes to the core application and ensures a consistent experience for similar types of integrations.Carbon Black integrationThe Carbon Black integration enables you to investigate and respond to security incidents using APIs to query and interact with endpoints associated with security incidents. Check Point Anti-bot - Email Parser integrationCheck Point Anti-bot - Email Parser integration is supported using an email parser that consumes email notifications from Check Point Anti-bot to create security incidents and drive enrichment and response workflows. CrowdStrike Falcon integrationCrowdStrike Falcon Intelligence enriches Threat Intelligence with data for security incidents and associated observables.Elasticsearch integrationThe Elasticsearch - Incident Enrichment integration searches your logs and adds relevant sighting information to your security incidents. HPE Security ArcSight ESM - Email Parser integrationThe HPE Security ArcSight ESM - Email Parser integration is supported using an email parser that consumes email notifications from ESM to create security incidents.HPE ArcSight Logger - Incident Enrichment integrationThe HPE ArcSight Logger - Incident Enrichment integration searches your logs and adds relevant sighting information to your security incidents. IBM QRadar IntegrationThe IBM QRadar - Incident Enrichment integration searches your logs and adds relevant sighting information to your security incidents. Intel McAfee ESM - Email Parser integrationThe Intel McAfee ESM - Email Parser integration is supported by an email parser that consumes email notifications from ESM to create security incidents.Intel McAfee ESM - Incident Enrichment IntegrationIntel McAfee ESM - Incident Enrichment integration searches your logs and adds relevant sighting information to your security incidents.OPSWAT Metadefender IntegrationOPSWAT Metadefender allows threat data, detected by the third-party Metadefender scanner, to be downloaded to the Threat Intelligence application for tracking, prioritization, and resolution. OPSWAT Metadefender integration overviewOPSWAT Metadefender s a security solution that provides access to multiple anti-malware machines and easily integrates with Security OperationsPalo Alto Networks integrationThe Palo Alto Networks consists of three products you can use to identify and remediate malware: Palo Alto Networks - AutoFocus, Palo Alto Networks - Firewall, and Palo Alto Networks - WildFire.Qualys Cloud Platform integrationIf your organization uses the Qualys Cloud Platform to detect vulnerabilities, you can integrate it with Vulnerability Response. When the third-party Qualys scanner detects vulnerability data, that data is imported to Vulnerability Response for tracking, prioritization, and resolution.Recorded Future integrationRecorded Future enriches security incidents with valuable threat data.Have I been pwned? integrationThe Security Operations Have I been pwned? integration enables you to submit lookups on domain names and email addresses to determine whether user personal data has been compromised by data breaches.WhoisXML ApI integrationThe WhoisXML API integration enables you to submit Whois lookups on domain names and URLs to obtain context on URL observables, and to make better determination on threats. ServiceNow Security Operations add-on for Splunk integrationWhen Splunk is integrated with the ServiceNow Security Operations applications, you can seamlessly create security incidents or events from Splunk events, alerts, and logs. After you have downloaded the ServiceNow Security Operations add-on for Splunk from Splunkbase, you are ready to use the integration to create the desired security records.Splunk - Incident Enrichment integrationThe Splunk - Incident Enrichment integration searches your logs and adds relevant sighting information to your security incidents.Tanium integrationTanium integration uses a workflow and workflow activities to return running processes for affected CIs.VirusTotal integrationThe VirusTotal integration enables you to request the analysis of suspicious IP addresses, hashes, and URL addresses to aid in your investigation to determine if they are malicious.