Set up your Now Platform instance for the Secureworks CTP ticket ingestion integration

The following section lists the setup tasks that you are required to complete in your Now Platform instance prior to installing the application from the ServiceNow Store.

Before you begin

Role required: sn_si.admin

About this task

Before you download and install the application, verify that you have completed all the tasks listed in the following table. Completing them first helps ensure a smooth installation and configuration.

Setup task Description
Verify that you have assigned the required Now Platform and Security Incident Response roles.

The following roles are required for the installation, setup, and use of the integration in your Now Platform instance.

  • A user with the Now Platform administrator role (admin) installs the application from the ServiceNow Store and assigns the SIR administrator (sn_si.admin) role.
  • A user with the sn_si.admin role oversees the following tasks in the Now Platform:
    • Names, creates, and edits profiles.
    • Selects and maps Secureworks CTP ticket fields to the security incident fields.
    • Previews security incident details for accuracy prior to finalizing the configuration.
    • Schedules ongoing ticket ingestion.
    • Enables ticket updates when a SIR incident is created and closed.
    • Assigns the security incident analyst (sn_si.analyst) role.
  • Users with the sn_si.analyst role work with security incidents.

For more information about roles and assigning roles to users, see Roles.

Verify that you are using the following versions:
  • Secureworks Ticket API 4.0
  • Secureworks Event API 1.0
  • Secureworks Enrichment API 1.0
If you have access to the Secureworks CTP portal, you have access to the API that is required for this integration. There is no other special setup required for the API.

Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you install the application for the integration.

Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the following order to ensure a smooth installation.

  1. Security Incident Response
  2. Event and Alert Ingestion for Security Operations (Required for SIEM integrations): This application requires:
    • com.glide.hub.integration.runtime => ServiceNow IntegrationHub Runtime
    • com.glide.hub.action_step.rest => ServiceNow IntegrationHub Action Step - REST
    Note: The IntegrationHub components are installed along with the Event and Alert Ingestion plugin. If these are not installed, contact Customer Support for assistance.

For more information about installing the Security Operations core applications, see Get entitlement for a Security Operations product or application and Activate a ServiceNow Store application.