Tables and Filters for Security Events from ServiceNow CMDB (for Tables API)

gurwindersi
Tera Contributor

‎08-11-2025 01:52 AM

We are looking to monitor security events from ServiceNow CMDB.
Which are the security relevant sub-tables in the below tables?

Is there any other field like name and source that we need to consider for filtering these tables?

Table                              filter

1.sysevent                      name: login, flow.fire
2.sys_audit                     table : email_access_restriction, password_policy, sys_security_acl, sys_security_acl_role,                                                                        sys_user,sys_user_role
3.syslog                          source: SecurityAttribute, AccessTerm
4.syslog_transaction       
5.sys_history_line           
6.sys_history_set 
0 Helpfuls
  • 403 Views
1 REPLY 1

Bert_c1
Kilo Patron

‎08-17-2025 12:24 PM

Try using the OOB Security Center: https://[instnace].service-now.com/now/security-center-monitoring/overview 

and the 'Security Metrics' widget there.

0 Helpfuls