Skip to main content

ServiceNow Integration

Organizations: Sync your HackerOne reports to ServiceNow and vice versa

Updated over 4 months ago

This integration is only available for Enterprise programs.

HackerOne offers a bi-directional ServiceNow integration that enables you to sync your HackerOne reports to ServiceNow and vice versa. This integration improves workflow by minimizing the back-and-forth between ServiceNow and HackerOne.

You can use this integration with different ServiceNow tables. The guide below uses the incident table that's used in ServiceNow's Incident Management product. If you're using ServiceNow's Security Incident Response product, you can use the following table name: sn_si_incident. Alternatively, we support custom tables as well for full flexibility.

Setup

To set up the bi-directional integration between HackerOne and your ServiceNow instance, you’ll need to follow the five steps in this document:

  1. Configure OAuth for your ServiceNow instance

  2. Configure incoming requests in your ServiceNow instance

  3. Configure the integration on HackerOne

  4. Configure outgoing requests in your ServiceNow instance

  5. Configure a “close report” request from ServiceNow to HackerOne

Configure OAuth

  1. Navigate to System OAuth > Application Registry in your ServiceNow settings.

  2. Click New to create a new Application Registry.

  3. Click Create an OAuth API endpoint for external clients

  4. Enter these values for these fields:

    1. Name: HackerOne

    2. Client ID: This is auto-generated. Copy this value; you'll need this later when setting up the OAuth connection.

    3. Client Secret: Enter a secret key. You'll need this key again later in the process when setting up the OAuth connection.

    4. Redirect URL: https://hackerone.integration-authentication.com/oauth2/token

  5. Click Submit.

Configure Incoming Requests

Configuring incoming requests requires you to post to a custom REST API endpoint in ServiceNow. This will enable you to add comments from HackerOne to your ServiceNow instance.

To configure adding comments from HackerOne to ServiceNow:

  1. Navigate to Scripted REST APIs in your ServiceNow settings.

  2. Click New to create a new Scripted REST API.

  3. Enter these values for these fields:

    1. Name: HackerOne

    2. API ID: hackerone

  4. Click Submit.

  5. Open the HackerOne Scripted REST API you just created.

  6. Click New to add a new resource to the Scripted REST API.

  7. Enter these values for these fields:

    1. Name: New Comment

    2. Relative Path: /new_comment

    3. HTTP Method: POST

  8. Enter this code in the Script field:

    1. (
       function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
         // Retrieve the incident with the passed in sys_id
         var sys_id = request.body.data.sys_id;
         // Create a new record for the table you want to use (in our example `incident`)
         var incident = new GlideRecord('incident');
         incident.get(sys_id);
         // Add comment to incident item
         incident['work_notes'].setJournalEntry(request.body.data.message);
         // Update the incident item
         incident.update();
         // Retrieve the last added comment on this incident
         var comment = new GlideRecord('sys_journal_field');
         comment.addQuery('element_id', sys_id);
         comment.addQuery('name', 'incident');
         comment.addQuery('element', 'work_notes');
         comment.addQuery('value', request.body.data.message);
         comment.orderByDesc('sys_created_on');
         comment.setLimit(1);
         comment.query();
         if (comment.next()) {
           //Store last comment in variable
           var last_comment = comment;
         }
         response.setBody(
           {
             'sys_id': incident.sys_id,
             'comment_sys_id': last_comment.sys_id,
             'comment_value': last_comment.value,
             'request_sys_id': request.body.data.sys_id,
             'request_message': request.body.data.message
           }
         );
       }
      )(request, response);

      Make sure you enter the correct table name, as in this case, it's incident.

  9. Click Submit.

  10. Copy the full URL to your endpoint and save it to be used later.

    • The full URL to the /hackerone/new_comment endpoint is required to set up the HackerOne integration. The namespace can be found from within the HackerOne Scripted REST API you just created, in the Resources tab underneath the Resource path column. Combine this with your instance URL found in the address bar to get the full URL.

    • As shown in the images below, this would be: https://dev100796.service-now.com/api/514345/hackerone/new_comment.

Configure on HackerOne

To set up the integration on HackerOne:

  1. To access webhooks, go to Engagements, click the kebab menu for the program you’re interested in, then click Settings.

  2. Scroll down to Automation > Integrations.

  3. Click Connect with ServiceNow.

  4. Click Edit to start the setup process.

  5. Authenticate your ServiceNow instance by entering information into these fields:

    1. ServiceNow Instance URL: Enter the full URL to your ServiceNow instance, for example, it could be: https://my-instance.service-now.com/

    2. Client ID & Client Secret: Enter the Client ID and Client secret from step 4 in Configure OAuth.

  6. Provide the name of the escalation table. By default, the integration uses the ServiceNow incident table. If you want to use a different or custom table, please enter the table in the field below. If you prefer to use Security Incidents instead, you can use the following table name: sn_si_incident.

  7. Click Next.

  8. Configure data mapping from HackerOne reports to ServiceNow incidents. This uses the API of both systems to retrieve fields that are allowed to be used for these objects. For example, you could map the HackerOne report title to the ServiceNow incident short description.

    1. Note: alternatively you can manually set the mapping to a single field or combination of fields from the integration variables. For example: {{triage_summary}} \\ Link: {{report_link}} \\ Date: {{submission_date}} \\ Reporter: {{reporter_name}} \\ Weakness: {{weakness}} would create a combination of the triage summary, a link to the report the submission date, the reporter name, and the weakness of their report and map that to a single field.

  9. Click Next.

  10. Enter your ServiceNow New Comment endpoint that was configured earlier in the ServiceNow “Add Comment” endpoint field. This should be a combination of the URL to your instance and the Resource Path found in the Scripted REST API object in ServiceNow.

  11. Click Next.

  12. Copy the public listener URL in the configuration wizard.

  13. Click Enable to enable the integration.

Configure Outgoing Requests

After configuring incoming requests, you’ll need to configure outgoing requests in ServiceNow enabling you to post comments from ServiceNow to HackerOne. You’ll need to use Outbound REST Messages and Business Rules in the configuration process.

To configure posting comments from ServiceNow to HackerOne:

  1. Navigate to: System Web Services > Outbound > REST Message.

  2. Click New to create a new Outbound REST Message.

  3. Enter these values for these fields:

    1. Name: HackerOne

    2. Endpoint: The Public ServiceNow URL. This is found in the configuration wizard on the HackerOne platform.

    3. Authentication Type: No authentication

  4. Click Submit.

  5. Reopen the HackerOne outbound REST message you just created.

  6. Click New to add a new HTTP Method.

  7. Enter these values for these fields:

    1. Name: New Comment

    2. HTTP Method: POST

    3. Authentication Type: Inherit from parent

  8. Enter this in the Content field in the HTTP Request tab:

    1. {"event_name":"new_comment","message":"${message}","sys_id":"${sys_id}","element_id":"${element_id}"}

  9. Add these two HTTP Headers on the same HTTP Request tab:

    1. Accept: application/json

    2. Content-Type: application/json

  10. Click Submit.

  11. Navigate to System Definition > Business Rules.

  12. Click New to create a new business rule.

  13. Enter these values for these fields:

    1. Name: Add Comment

    2. Table: Journal Entry [sys_journal_field]

    3. Advanced: Make sure the box is checked

  14. Enter these values for these fields on the When to run tab. In this example, we use the incident table, if you use a different escalation table use that name here instead of incident.

    1. When: async

    2. Insert: Make sure the box is checked

    3. Filter Conditions: Value is not empty: AND : Name : is : incident

  15. Enter this script in the Advanced tab:

    1. (function executeRule(current, previous /*null when async*/) {
         try {
           var r = new sn_ws.RESTMessageV2('HackerOne', 'New Comment');
           var encoded_message = GlideStringUtil.base64Encode(current.value.toString());
           r.setStringParameterNoEscape('message', encoded_message);
           r.setStringParameterNoEscape('sys_id', current.sys_id);
           r.setStringParameterNoEscape('element_id', current.element_id);
           r.execute();
         }
         catch(ex) {
           var message = ex.message;
         }
       }
      )(current, previous);

  16. Click Submit.

Make sure that the arguments for RESTMessageV2 match the name you gave to the Outbound REST Message.

Configure Close Report Event

The close report event from ServiceNow to HackerOne is set up similarly to configuring the outgoing requests. You only need to change the content in the Outbound REST Message and the trigger action in the Business Rule.

To set up the close report event:

  1. Navigate to: System Web Services > Outbound > REST Message.

  2. Search for HackerOne.

  3. Click New to add a new method.

  4. Enter these values into these fields:

    1. Name: Close Report

    2. Endpoint: The Public ServiceNow URL visible in the configuration wizard on the HackerOne platform

    3. HTTP Method: POST

    4. Authentication Type: Inherit from parent

  5. Enter this in the Content field in the HTTP Request tab:

    1. {"event_name":"close_report","element_id":"${sys_id}","hackerone_report_state": "${hackerone_report_state}"}

  6. Add these two HTTP Headers on the same HTTP Request tab:

    1. Accept: application/json

    2. Content-Type: application/json

  7. Click Submit.

  8. Navigate to System Definition > Business Rules.

  9. Click New to create a new business rule.

  10. Enter these values for these fields on the When to run tab. In this example, we use the incident table, if you use a different escalation table use that name here instead of incident.:

    1. Name: Close Report

    2. Table: Incident [incident]

    3. Advanced: Make sure the box is checked

    4. When: Async

    5. Update: Make sure the box is checked

    6. Filter Conditions: State: changes to: Closed

  11. Enter this script on the Advanced tab:

    1. (function executeRule(current, previous /*null when async*/) {
         try {
           var r = new sn_ws.RESTMessageV2('HackerOne', 'Close Report');
           r.setStringParameterNoEscape('sys_id', current.sys_id);
           // Set the HackerOne report state.
           // Possible state changes can be found here https://api.hackerone.com/customer-resources/#reports-change-state
           r.setStringParameterNoEscape('hackerone_report_state', 'resolved');
           var response = r.execute();
         }
         catch(ex) {
           var message = ex.message;
         }
       }
      )(current, previous);

  12. Click Submit.

Make sure the arguments for RESTMessageV2 match the name you gave the Outbound REST Message and HTTP Method.


Related Articles
Linear Integration
Gitlab Setup
ServiceNow VR/AVR Integration
ServiceNow VR Setup
ServiceNow AVR Setup
Did this answer your question?