Integrate with ServiceNow

Sophos Cloud Optix can create and update ServiceNow tickets for alerts.

You must use a ServiceNow account that has the ITIL role. You also need the group name for the ServiceNow account.

In Sophos Cloud Optix, do as follows:

  1. Go to Settings > Integrations.
  2. Click ServiceNow.
  3. Enter the ServiceNow URL, username and password, along with the assignment group for your tickets.

    The group name for the ServiceNow account goes in the Assignment Group field.

  4. In Alert Levels:
    1. Select which Sophos Cloud Optix alerts (for example, Critical) you want to create ServiceNow tickets for.
    2. Optionally, change the ServiceNow priority set for each alert level in Sophos Cloud Optix.
  5. Select Automatic if you want to have ServiceNow tickets created automatically when there is an alert.

    If you don't select this, the alert in Sophos Cloud Optix includes an option to create a ServiceNow ticket manually.

  6. To turn on the integration, click Enable and then Save.

If there is a change in the status of an issue, or additional resources are affected, ServiceNow updates the existing ticket for the issue (if it is still open).

For example, if a policy violation alert is cleared the ServiceNow ticket is closed.