ServiceNow is a platform-as-a-service (PaaS) provider of IT service management (ITSM) software. This ClearPass integration allows helpdesk staff to be kept informed immediately of any network triggered policy breaches by dynamically creating problem tickets leveraging the ServiceNow JSON based API. The integration detailed below triggers a problem ticket with the details of a mobile device that has breached the IT Jailbreak policy and is currently attempting to connect to the network.
AH contributor: cam
Specifications
Administration -> External Servers -> Endpoint Context Servers
|
Select Server Type
|
Generic HTTP |
Server Name
|
<Your integration name> |
Server Base URL
|
https://{YOUR-COMPANY}.service-now.com |
Username
|
<Your username> |
Password
|
<Your password> |
Administration -> Dictionaries -> Context Server Actions
|
Action Tab
|
Server Type
|
Generic HTTP |
Server Name
|
<Select your integration name> |
Action Name
|
<Describe the action> |
HTTP Method
|
POST |
URL
|
/problem.do?JSON&sysparm_action=insert |
Header Tab
|
Header Name/Header Value
|
Content-Type=application/json |
Content Tab
|
Content-Type
|
JSON |
Content
|
{"short_description":"Compromised Device WiFi Connection Attempt","priority":"3","description":"The following compromised device has attempted to connect to the cp-secure WiFi network: Mac Address: %{Connection:Client-Mac-Address} Enrolled User: %{Authentication:Full-Username} Device Serial: %{Endpoint:Serial Number} Mobile: %{Endpoint:Model} OS Version: %{Endpoint:OS Version} Location: %{Radius:Aruba:Aruba-Location-Id}","u_category":"%{u_category}","u_subcategory":"%{u_subcategory}","assigned_to":"mobileadmin"}
|
Attributes Tab
|
Attribute Name/Attribute Value
|
Connection:Client-Mac-Address=unknown
Authentication:Full-Username=unknown
Endpoint:Serial Number=unknown
Endpoint:Model=unknown
Endpoint:OS Version= unknown
Radius:Aruba:Aruba-Location-Id=cp-secure WiFi
u_category=71feaf0f8c00d100a4e1ee6a09f9bc72
u_subcategory=02feaf0f8c00d100a4e1ee6a09f9bc29
|
Tips & Tricks
|
The u_category and u_subcategory identifiers map to either default or custom ServiceNow database values. The identifiers can be found from the ServiceNow console by browsing to the Category SLA menu bar and then selecting the Category SLA or Subcategory SLA menu option. Once you have located the category and subcategory desired for the new problem ticket that will be created dynamically via the API, right click on that entry and select the copy sys_id option. This identifier should then be inserted in the corresponding u_category or u_subcategory option shown in the Attributes definition above. |