AlienApp for ServiceNow Actions

As USM Anywhere surfaces events, alarms, and vulnerabilities, your team determines which items require the opening of a new ServiceNow incident. Rather than manually opening each incident ticket in the ServiceNow user interface (UI), you can use the AlienApp for ServiceNow response actions to automatically create a ServiceNow ticket with the Short description and Description fields pre-populated with content from your USM Anywhere environment. The following table lists the available actions from the AlienApp.

Actions for AlienApp for ServiceNow
Action Function

Create a new incident from an alarm Alarms provide notification of an event or sequence of events that require attention or investigation.

Run this action to generate a new ServiceNow incident for an alarm.

This action is available when you launch a response action directly for an existing alarm.

Create a new incident from a vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security.

Run this action to generate a new ServiceNow incident for a vulnerability.

This action is available only when you launch a response action directly for an existing vulnerability.

Create a new incident from an event Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall.

Run this action to generate a new ServiceNow incident for an event.

This action is available only when you launch a response action directly for an existing event.

Create a new incident from event based orchestration rule

Run this action to generate a new ServiceNow incident for future events that match your criteria.

This action is available only when you launch a response action in an orchestration rule.

Create a change request Run this action from an alarm or investigation to generate a change request in ServiceNow.

Upon execution of a response action, USM Anywhere generates the ServiceNow incident and passes the associated information to that new incident ticket.

Note: Before launching a ServiceNow response action or creating a ServiceNow response action rule, the AlienApp for ServiceNow must be enabled and connected to your ServiceNow instance. See Configuring the AlienApp for ServiceNow for more information.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed orchestration actions.

Launch Actions from USM Anywhere

You can launch an action directly from alarms, events, or vulnerabilities. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from the action applied to an alarm, event, or vulnerability.