Skip to content

ServiceNow integration

You can create and update ServiceNow tickets from Sophos Cloud Optix alerts.

You must use a ServiceNow account with the ITIL role, and you need the group name for the ServiceNow account. See Base system roles.

In Sophos Cloud Optix, do as follows:

  1. Click Integrations.
  2. Click ServiceNow.
  3. Click Enable.

  4. Enter the ServiceNow URL, username, and password, along with the assignment group for your tickets.

    The group name for the ServiceNow account goes in the Assignment Group field.

  5. In Alert Levels:

    1. Select which Sophos Cloud Optix alerts create ServiceNow tickets.
    2. Optionally, change the ServiceNow priority set for each alert level in Sophos Cloud Optix.

  6. Select Automatic if you want to have ServiceNow tickets created automatically when there's an alert.

    If you don't select this, the alert in Sophos Cloud Optix includes an option to create a ServiceNow ticket manually.

  7. Click Save.

If there's a change in the status of an issue, or additional resources are affected, ServiceNow updates the existing ticket for the issue, if it's still open.

For example if a policy violation alert is cleared the ServiceNow ticket is closed.