Service Graph Connector Integration for Claroty CTD

  • Release version: Yokohama
  • Updated April 18, 2025

    Summary of Service Graph Connector Integration for Claroty CTD

    The Service Graph Connector Integration for Claroty Continuous Threat Detection (CTD) enables ServiceNow customers to integrate Claroty CTD with the Operational Technology Manager application. This integration imports detected devices, Claroty CTD sites (such as sensors or Network Intrusion Detection System appliances), device connections, and installed programs into the ServiceNow Configuration Management Database (CMDB).

    Supported Claroty CTD versions are 4.4.3 or later. The integration helps maintain an up-to-date CMDB with OT-related asset and network data detected by Claroty CTD.

    Key Features

    • Data Import: Imports sites, devices detected by each site, connection baselines, and installed programs from Claroty CTD into the CMDB.
    • Guided Setup: Provides a sequenced guided setup within ServiceNow to configure and deploy the integration.
    • CMDB Integrations Dashboard: Offers a centralized dashboard via the Integration Commons for CMDB app, showing integration status, processing results, errors, and run metrics with filtering capabilities.
    • Data Mapping and Transformation: Uses the Robust Transform Engine (RTE) to map and transform Claroty CTD data into CMDB Configuration Item (CI) classes, and the Identification and Reconciliation Engine (IRE) to insert data into CMDB tables.
    • Staging and Target Tables: Data from Claroty CTD is initially loaded into specific staging tables before being inserted into target CMDB tables such as Computer, Hardware, IP Address, Network Adapter, OT Device Details, OT Control Module, OT Control System, and Serial Number.
    • Default Query Parameters: The integration ships with default filters (e.g., importing only approved, valid, unicast devices and excluding ghost devices) to refine the data imported based on device status and type. These can be adjusted based on IntegrationHub Enterprise entitlements.
    • Validation of NIDS Sensors: Network IDS sensors imported must be validated and not in learning mode before device data can be imported from them.
    • Common Connection Framework (CCF): Connection details of the integration can be accessed in a consolidated view through the Integration Commons for CMDB store app.

    Key Outcomes

    • Streamlined and automated import of OT device and site data from Claroty CTD into the ServiceNow CMDB, enhancing CMDB accuracy for operational technology environments.
    • Improved visibility into OT assets and network connections, supporting better operational risk management and security monitoring through the Operational Technology Manager application.
    • Centralized monitoring and management of integration health and data synchronization via the CMDB Integrations Dashboard.
    • Configurable data import filters ensure only high-quality, relevant asset data is brought into the CMDB, reducing noise and improving data integrity.
    • Guided setup simplifies the integration deployment process, reducing implementation time and errors.

    Integrate Claroty Continuous Threat Detection (CTD) with the ServiceNow Operational Technology Manager application to import detected devices and Claroty CTD sites (sensor or Network Intrusion Detection System appliances).

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Supported versions

    Claroty CTD Version:
    • 4.4.3 or later
    • 5.1

    Use cases

    Use the Service Graph Connector Integration for Claroty Continuous Threat Detection with the Operational Technology Manager application to import the following information to the Configuration Management Database (CMDB):

    • Sites
    • Devices detected by each site
    • Connections (or baselines)
    • Installed programs

    The following figure shows the detection method for importing Claroty CTD data into the CMDB.

    Process for importing Claroty CTD data into the ServiceNow Configuration Management Database (CMDB).

    Guided setup

    The guided setup for the Service Graph Connector Integration for Claroty CTD provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.

    CMDB integrations dashboard

    The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.

    Data mapping

    Data from the Claroty CTD data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).

    The following table lists the data sources included for the Service Graph Connector Integration for Claroty CTD and the corresponding staging tables where the imported data is loaded.
    Table 1. Data sources and staging tables for Claroty CTD
    | Data source | Staging table |
    | --- | --- |
    | SG-OT Claroty CTD Devices | SG-OT Claroty CTD Devices Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_devices_import] |
    | SG-OT Claroty CTD Baselines | SG-OT Claroty CTD Baselines Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_baselines_import] |
    | SG-OT Claroty CTD Programs | SG-OT Claroty CTD Programs Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_programs_import] |
    | SG-OT Claroty CTD Sites | SG-OT Claroty CTD Sites Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_sites_import] |

    The imported data from the staging tables is then inserted into the following target tables:

    • Computer [cmdb_ci_computer]
    • Hardware [cmdb_ci_hardware]
    • IP Address [cmdb_ci_ip_address]
    • Network Adapter [cmdb_ci_network_adapter]
    • OT Device Details [cmdb_ot_entity]
    • OT Control Module [cmdb_ci_ot_control_module]
    • OT Control System [cmdb_ci_ot_control]
    • Serial Number [cmdb_serial_number]

    For more information, see CMDB classes targeted.

    Default query parameters for the Service Graph Connector Integration for Claroty CTD

    By default, the Service Graph Connector Integration for Claroty CTD is shipped with query parameter filters. You can modify their values based on ServiceNow entitlements that you have with the IntegrationHub Enterprise package.

    When you begin importing the data from the Claroty CTD, the Service Graph Connector Integration for Claroty CTD uses the default query parameter filters that are listed in the following table.

    Table 2. Default query parameter filters
    | Query parameter filter | Value | Description |
    | --- | --- | --- |
    | approved_exact | true | Unapproved devices on the Claroty CTD aren’t imported because the value of approved_exact is set to true. |
    | valid_exact | true | Invalid devices on the Claroty CTD aren’t imported because the value of valid_exact is set to true. |
    | special_hint_exact | 0 | Address types that aren’t set to 0 (unicast) on the Claroty CTD aren’t imported. |
    | ghost_exact | false | If there’s a device on the Claroty CTD that is classified as a ghost, the Service Graph Connector Integration for Claroty CTD doesn’t import it because the default value is set to false. |
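
    The following added example (not ServiceNow or Claroty code) replays the Table 2 defaults over constructed device records to show which assets would be absent from the CMDB and which filter excluded each one. The record field names (id, approved, valid, special_hint, ghost), the reading of "<name>_exact" as an exact match on "<name>", and the handling of missing attributes are assumptions made for this example.

```python
# Added example: replay the Table 2 default filters over constructed records.
# Assumption: "<name>_exact" is an exact match on a device attribute "<name>".
DEFAULT_FILTERS = {
    "approved_exact": True,
    "valid_exact": True,
    "special_hint_exact": 0,   # 0 = unicast, per Table 2
    "ghost_exact": False,
}

# Constructed sample records; field names are hypothetical, not the CTD schema.
SAMPLE_DEVICES = [
    {"id": "plc-01", "approved": True, "valid": True, "special_hint": 0, "ghost": False},
    {"id": "hmi-02", "approved": False, "valid": True, "special_hint": 0, "ghost": False},
    {"id": "addr-03", "approved": True, "valid": True, "special_hint": 1, "ghost": False},
    {"id": "ghost-04", "approved": False, "valid": True, "special_hint": 0, "ghost": True},
    {"id": "partial-05", "approved": True, "valid": True, "ghost": False},
]

_MISSING = object()

def failed_filters(device, filters=DEFAULT_FILTERS):
    """Return the filters a record does not satisfy; an empty list means imported."""
    failed = []
    for param, wanted in filters.items():
        value = device.get(param[: -len("_exact")], _MISSING)
        # A missing attribute is reported as excluded so the record gets reviewed
        # (a choice made for this example). Types are compared as well as values
        # so that 0 and False are not confused.
        if value is _MISSING or type(value) is not type(wanted) or value != wanted:
            failed.append(param)
    return failed

def coverage_report(devices, filters=DEFAULT_FILTERS):
    """Split records into imported ids and {skipped id: [filters that excluded it]}."""
    imported, skipped = [], {}
    for device in devices:
        failed = failed_filters(device, filters)
        if failed:
            skipped[device["id"]] = failed
        else:
            imported.append(device["id"])
    return imported, skipped

if __name__ == "__main__":
    imported, skipped = coverage_report(SAMPLE_DEVICES)
    print("imported:", imported)
    for dev_id, reasons in skipped.items():
        print(f"not in CMDB: {dev_id} (excluded by {', '.join(reasons)})")
```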