Configuration compliance integration with CSPM tool
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi All,
I want to build integration with CSPM tool.
Can you please help:
Which integration capability is used to integrate with CSPM tool?
what all tables data is integrated with CSPM tool E.G. Test , test groups etc?
Any field mapping recommendations and best practices ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @ashwanikumar ,
Building a CSPM > Configuration Compliance integration in ServiceNow is quite doable. I’ve put together what I found so far + suggestions, to help with design.....
>> What to use:
- Use integrations (REST APIs) from the CSPM tool to fetch policy/test definitions, resource metadata (cloud assets), and test/failure results....
- Use ServiceNow’s Configuration Compliance module, plus possibly the Security Posture / Cloud Security Posture Management apps. Store apps like the Qualys CSPM, Sysdig CSPM, or Microsoft Defender for Cloud integrations are examples.....
>> Key tables / data
- Tests / Test Groups / Authoritative Sources / Policies / Controls
- Test Results (failures / findings)
- Cloud asset / CI metadata (resource ID, type, account / region, tags)
- Evidence / Remediation Guidance / Exception records
>> Field map & best practices
- Map unique identifiers (resource IDs etc.) so findings are not duplicated.
- Include metadata: severity, timestamp, standard / control name, region, owner.
- Include remediation instructions or links from CSPM tool.
- Allow exceptions / suppression with audit trail.
- Define lifecycle: what signifies a finding fixed, how to update / resolve, how stale / old issues handled.
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Consultant - Lets connect on Linkedin: https://www.linkedin.com/in/kaushalkrjha/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
@kaushal_snow what all tables are recommended to be integrated with 3rd party tool?
e.g. Tests / Test Groups etc; are also integrated or are those loaded separately since these test are run in 3rd party tool and results are shared in ServiceNow.
What are the recommendations based on your experience?