Configure risk event integration
Configure risk event integration with other upstream ServiceNow applications. This integration enables all users in an organization to report and track the risk events.
Before you begin
Role required: sn_risk.admin and user_admin
About this task
When you configure the risk event integration with another upstream application, then users of that application can directly report risk events from the application. For example, if you configure risk event integration in the ServiceNow® IT Service Management (ITSM) application, all users of ITSM can report risk events from the ITSM application. By default, this configuration is provided for the IT Incidents application and the Security incidents application.
The two modes that enable the creation of a risk event are Simple and Advanced. The Simple mode enables you to define filter conditions on the application table so that users of the Incidents application can report a risk event. For example, you can define that a financial event with a high impact must be reported as a risk event. In contrast, the Advanced mode enables users with GRC developer role to write scripts.
Incident managers with the incident_manager role are able to see the Report Risk Event option in an incident, whereas Security Managers with the sn_si.manager role are able to see the Report Risk Event option in a security incident.
Procedure
- Navigate to Risk Events > Administration > Integration Configuration.
- Click New.
-
On the form, fill in the fields.
Table 1. Risk Event Integration Configuration form Field Description Number Configuration number. This field is automatically set. Active Option to enable the creation of a risk event from the application table. Integration name Short and unique title for the integration. For example, to report a risk event from an incident table, you can type Incident-risk-event-integration. Application table Application table that is used for reporting risk events. The table determines the upstream application that will be used for reporting risk events. Source for name How the name of risk events are set. The choices are as follows: - Form field: Select this option if you want the value from a specific selected field to be used as the risk event name.
- Default value: Enter a custom value. The risk event is created with the name you enter here.
Source for description How the description of risk events are set. Source for entity How the entity of risk events are set. Source for date of discovery How the date of discovery for risk events are set. Name Field in the application table that is used to set the name of risk events. This field appears only when Form field is selected from the Source of name field. Default Name Default name for risk events. This field appears only when Default value is selected from the Source of name field. Description Field in the application table that is used to set the description of risk events. This field appears only when Form field is selected from the Source of description field. Default description Default description for risk events. This field appears only when the Default value is selected from the Source of description field. Entity Field from the application table that refers to a GRC entity or to a record in a GRC entity. This field appears only when Form field is selected from the Source of entity field. Default Entity Default entity for risk events. Default entities are created from the table in the Application table field. This field appears only when Default value is selected from the Source of entity field. Date of discovery Field in the application table that is used to set the date of discovery of risk events. This field is visible only when Form field is selected from the Source of date of discovery field. Default date of discovery Default date of discovery of risk events. Default event type Default event type of risk events. For example, if the event is financial or non-financial. Event subtype Subtype of the risk event. For example, if the event is actual or potential. Source for Non-Financial impact How the non-financial impact of risk events is set. Non-Financial impact Field in the application table that is used to set the non-financial impact of risk events. This field appears only when Form field is selected from the Source of non-financial field field. Default non-financial impact Default severity of risk events. The choices are Low, Medium, or High. Source for expected loss How the expected loss of risks events is set. Expected loss Field in the application table that is used to set the expected loss of risk events. This field appears only when Financial impact is selected from the Default event type is field and only when Form field is selected from the Source of expected loss field. Default expected loss Default monetary value of the loss. This field appears only when the Financial impact is selected from the Default event type field and only when Default value is selected from the Source of expected loss field. Display UI Action Based On Mode Mode that is used to create the UI action. The choices are as follows: - Simple: Mode to set simple filter conditions. For example, if the impact of an incident is High, the Report a Risk Event UI action must be created.
- Advanced: Mode to write a script to query tables, including the table from the Application table field.
Role condition Roles that can report risk events from the upstream application. Filter condition Build the filters as per the requirement. Script Field to write a custom script to query any table. Note:The option to write a script is only available to users who also have the sn_grc.developer role. This field appears when the Mode field has Advanced. -
Click Submit.
Any other application table which extends the task table can configure this integration. For details, see the Risk Event Ingestion [KB0780985] article in the Now Support Knowledge Base. You must log in to view the article.