Hi @ashwanikumar ,

Building a CSPM > Configuration Compliance integration in ServiceNow is quite doable. I’ve put together what I found so far + suggestions, to help with design.....

>> What to use:

• Use integrations (REST APIs) from the CSPM tool to fetch policy/test definitions, resource metadata (cloud assets), and test/failure results....
• Use ServiceNow’s Configuration Compliance module, plus possibly the Security Posture / Cloud Security Posture Management apps. Store apps like the Qualys CSPM, Sysdig CSPM, or Microsoft Defender for Cloud integrations are examples.....

>> Key tables / data

• Tests / Test Groups / Authoritative Sources / Policies / Controls
• Test Results (failures / findings)
• Cloud asset / CI metadata (resource ID, type, account / region, tags)
• Evidence / Remediation Guidance / Exception records

>> Field map & best practices

• Map unique identifiers (resource IDs etc.) so findings are not duplicated.
• Include metadata: severity, timestamp, standard / control name, region, owner.
• Include remediation instructions or links from CSPM tool.
• Allow exceptions / suppression with audit trail.
• Define lifecycle: what signifies a finding fixed, how to update / resolve, how stale / old issues handled.

If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.