Configure guided setup

Australia Operational Technology Management

Release

australia

ft:locale

ja-JP

ft:publication_title

Australia Operational Technology Management

ft:clusterId

optm

bundleId

optm

workflow

Technology

Configure the Service Graph Connector Integration for Claroty CTD

リリースバージョン: Australia

更新日 2026年03月12日

所要時間：28分

Use the guided setup for Service Graph Connector Integration for Claroty CTD to lead you through the integration steps.

始める前に

Dependencies and requirements:

The Integration Commons for CMDB store app, which is automatically installed.
The CMDB CI Class Models app, which is automatically installed.
The ITOM Discovery License plugin (com.snc.itom.discovery.license). You must activate this plugin.
ITOM Licensing plugin (com.snc.itom.license). For more information, see Request Discovery.
The Datastream Action plugin (com.glide.hub.action_type.datastream), which is automatically installed.
Review that View access is enabled in Claroty CTD for the following user permissions to collect data from Claroty CTD to ServiceNow:
- Visibility
- Investigation
The Industrial Core plugin. You must activate this plugin.
The Industrial Core plugin is required to access the class mappings table for the Service Graph Connector Integration for Claroty CTD. For more information about the Industrial Core plugin, see Industrial Core plugin.

Role required: admin

注:

If you have an earlier version of the Service Graph Connector Integration for Claroty CTD, then don’t migrate data from the old connector. You must uninstall the previous version and run the new integration.

手順

Ensure that the application is set to Service Graph Connector Integration for Claroty CTD by using the application picker.
For more information, see Application picker.
Navigate to All > Service Graph Connector Claroty CTD > Guided Setup.
On the Getting started page, select Get Started.
To configure a MID Server, complete the following:
1. In the Setup Connections and Credentials section, select the Configure MID server task.
2. Select Mark as complete once you complete the MID Server configuration.
To set up the connections records, complete the following:
1. In the Setup Connections and Credentials section, select the Configure Connections task.
2. Select Configure.
3. Open the Claroty CTD API record in the Connections table.
4. In the Connection URL field, enter the name of the URL for your Claroty CTD Enterprise Management Console (EMC).
  For example, https://192.168.1.100.
5. If you're using a MID Server, select the Use MID Server check box in the record.
  
  注:
  If you're not using a MID Server, go to step 5g.
6. From the Advanced MID Server Configuration related list, select a MID Server and a MID Selection.
7. Select Update.
8. Repeat steps 5a to 5h to update the Claroty CTD EMC Base Auth record.
To set up the credentials records, complete the following:
1. In the Setup Connections and Credentials section, select the Configure Credentials task.
2. Select Configure.
3. Open the Claroty CTD EMC Base Auth record in the Credentials table.
4. In the User name field, enter the user name that you used to log in to the Claroty CTD EMC.
5. In the Password field, enter the password that you used to log in to the Claroty CTD EMC.
6. Select Update.

To test the connection, complete the following:

In the Setup Connections and Credentials section, select the Test/Validate Connection task.
Select the Test Connection UI action from the related links section on the data source record for sensors.
After completing the connection test, view the results. You must perform the suggested troubleshooting steps until the test result returns Success.

Check that the connection manager has a valid certificate.

A valid certificate must be installed for a production environment. For a non-production or proof of concept (POC) instance, you can configure the system properties to enable the integration to work when the connection manager doesn’t have a valid certificate. The following table lists the system properties that you can configure for a non-production environment.

表 : 1. System properties for a non-production environment
Property	Value
com.glide.communications.httpclient.verify_hostname	Set to false.
com.glide.communications.httpclient.verify_revoked_certificate	Set to false. If you need to add this system property, see Add a system property.
com.glide.communications.trustmanager_trust_all	Set to true.

Check the MID security policy.

In the intranet record, verify that the columns in the following table show the specified values.

表 : 2. Intranet record values
Column	Value
Certificate chain check	false
Hostname check	false
Revocation check	false

For more information, see MID Server certificate check policies.

To set the system properties that configure the API resource paths, pagination sizes, and API key expiration times,complete the following:

In the Configure System Properties section, select Configure.

Configure the system properties in the following table:


Property	Description
sn_clarotyctdsgc.resourcepath.site	Property to set the resource path for the sites: 注: The resource path for the sites is provided by default for the Claroty CTD Enterprise Management Console (EMC) V4.4.3 API version for the CTD sites and devices. If you want to use a different API version, you can override the paths.
sn_clarotyctdsgc.resourcepath.device	Property to set the resource path for the devices: 注: The resource path for the devices is provided by default for the CTD EMC V4.4.3 API version for the CTD sites and devices. If you want to use a different API version, you can override the paths.
sn_clarotyctdsgc.pagesize.device	Property to set the number of device records to fetch in a paginated REST call to the Claroty CTD EMC. The default value is 500 records per page. 注: 500 is the maximum number of devices per page.
sn_clarotyctdsgc.resourcepath.baseline	Property to set the resource path for the baselines: 注: The resource path for the baselines is provided by default for the CTD EMC V4.4.3 API version for the CTD sites and devices. If you want to use a different API version, you can override the paths.
sn_clarotyctdsgc.pagesize.baseline	Property to set the number of baseline records to fetch in a paginated REST call to the Claroty CTD EMC. The default value is 500 records per page.
sn_clarotyctdsgc.get_all_baselines	Property to fetch all records for baselines or only the new records since the start time of the last successful import. 注: When you import baselines for the first time, all records are imported regardless of the setting for this property.
sn_clarotyctdsgc.resourcepath.entity	Property to set the resource path for the entities: 注: The resource path for the entities is provided by default for the CTD EMC V4.4.3 API version for the CTD sites and devices. If you want to use a different API version, you can override the paths.
sn_clarotyctdsgc.resourcepath.program	Property to set the resource path for the installed programs: 注: The resource path for the installed programs is provided by default for the CTD EMC V4.4.3 API version for the CTD sites and devices. If you want to use a different API version, you can override the paths.
sn_clarotyctdsgc.pagesize.entity	Property to set the number of entity records to fetch in a paginated REST call to the Claroty CTD EMC. The default value is 500 records per page.
sn_clarotyctdsgc.pagesize.program	Property to set the number of program records to fetch in a paginated REST call to the Claroty CTD EMC. The default value is 500 records per page.
sn_clarotyctdsgc.api_token_life_in_minutes	Property to set the number of minutes that the API is considered active. After the time expires, the Service Graph Connector fetches a new API key during the next import. The default value is 0 and a new token is fetched for each REST call. 注: You can change the value to keep the same token for a maximum of 24 hours and reduce the number of REST calls.
sn_clarotyctdsgc.classify_based_on_os	Property to provide a list of classes that support the classification by OS as part of the Service Graph Connector Integration for Claroty CTD. When the flag is set to True, the classification by OS is supported. When it is set to False, the Service Graph Connector no longer classifies by OS. For example: `{ "cmdb_ci_ip_switch":true, "cmdb_ci_nids":false }`
sn_clarotyctdsgc.filter.asset_type_code	Property to provide a list of codes for device types separated by the delimiter ($). For more information about Claroty types and codes, see CMDB classes targeted. For example, to only import PLC and HMI device types, enter the Claroty type code as `0$1`.
sn_clarotyctdsgc.filter.asset_purdue_level	Property to provide a list of Purdue Levels separated by the delimiter ($). For example, to only filter devices with Purdue Levels 1 and 2, To only filter Devices with Purdue Level 1 & 2, set the value as `1.0$2.0`.

Select Save.

To import CTD sites, complete the following:
1. In the Configure CTD Sites section, select the Import CTD Sites task.
2. Select Configure.
3. Select the Execute Now button.
To configure Network Intrusion Detection Systems (NIDS), complete the following:
1. In the Configure CTD Sites section, select the Configure NIDS task.
2. Select Mark as Complete once you setup the NIDS used to get devices from Claroty CTD.

To configure the import schedules to run the sites, devices, baselines, and installed programs, complete the following:

注:

Empty rack slots associated with a PLC are no longer imported into the Configuration Management Database (CMDB).

In the Configure Import Schedules section, select the Configure Sites Import Schedule task.
Select Configure.
In the Scheduled Data Imports table, select SG-OT CTD Sites Scheduled Import.
- By default, the sites import schedule is configured to run every day at midnight.
- You must import and validate the CTD sites before you import the devices.

Complete the following actions as needed to review or change the import schedule as needed:


Action	Description
Enter a conditional script	Enter a conditional script that determines whether a scheduled import should run by selecting Conditional.
Change the default import schedule	Change the default import schedule by setting the Run field as necessary.
Reference a user in the Users table	Reference a user in the Users table by selecting a user in the Runs as field. 注: By default, this field is set to System Administrator. The selected user must be assigned the admin role for the import to be successful. If left empty, the import schedule uses the roles of the logged-in user.
Run an import	Run an import by selecting Execute Now. You can import either all records or only new records since the start time of the last successful import, based on the system properties configured. For more information, see Configure guided setup.
Activate the import	Activate the import by selecting the Active check box.
Save any schedule changes	Save any schedule changes by selecting Update.

In the Configure Import Schedules section, select the Configure Devices Import Schedule task.
Select Configure.
In the Scheduled Data Imports table, select SG-OT CTD Devices Scheduled Import to review or change the import schedule for your devices.
- By default, the devices import schedule is configured to run every day at midnight.
- Devices are queried by the CTD site. The Service Graph Connector only queries for devices that are detected by validated CTD sites.

Complete the following actions as needed to review or change the import schedule as needed:


Action	Description
Enter a conditional script	Enter a conditional script that determines whether a scheduled import should run by selecting Conditional.
Change the default import schedule	Change the default import schedule by setting the Run field as necessary.
Reference a user in the Users table	Reference a user in the Users table by selecting a user in the Runs as field. 注: By default, this field is set to System Administrator. The selected user must be assigned the admin role for the import to be successful. If left empty, the import schedule uses the roles of the logged-in user.
Run an import	Run an import by selecting Execute Now. You can import either all records or only new records since the start time of the last successful import, based on the system properties configured. For more information, see Configure guided setup.
Activate the import	Activate the import by selecting the Active check box.
Save any schedule changes	Save any schedule changes by selecting Update.

In the Configure Import Schedules section, select the Configure Baselines Import Schedule task.
Select Configure.
In the Scheduled Data Imports table, select SG-OT CTD Baselines Scheduled Import to review or change the import schedule for the baselines.
By default, the baselines import schedule is configured to run after the parent OT Control System runs.

Complete the following actions as needed to review or change the import schedule as needed.


Action	Description
Enter a conditional script	Enter a conditional script that determines whether a scheduled import should run by selecting Conditional.
Change the default import schedule	Change the default import schedule by setting the Run field as necessary.
Reference a user in the Users table	Reference a user in the Users table by selecting a user in the Runs as field. 注: By default, this field is set to System Administrator. The selected user must be assigned the admin role for the import to be successful. If left empty, the import schedule uses the roles of the logged-in user.
Run an import	Run an import by selecting Execute Now. You can import either all records or only new records since the start time of the last successful import, based on the system properties configured. For more information, see Configure guided setup.
Activate the import	Activate the import by selecting the Active check box.
Save any schedule changes	Save any schedule changes by selecting Update.

In the Configure Import Schedules section, select the Configure Sites Installed Programs Import Schedule task.
Select Configure.
In the Scheduled Data Imports table, select SG-OT CTD Installed Programs Scheduled Import to review or change the schedule for the installed programs import.
By default, the installed programs import schedule is configured to run every day at midnight.

Complete the following actions as needed to review or change the import schedule as needed.


Action	Description
Enter a conditional script	Change the default import schedule by setting the Run field as necessary.
Change the default import schedule	Change the default import schedule by setting the Run field as necessary.
Reference a user in the Users table	Reference a user in the Users table by selecting a user in the Runs as field. 注: By default, this field is set to System Administrator. The selected user must be assigned the admin role for the import to be successful. If left empty, the import schedule uses the roles of the logged-in user.
Run an import	Run an import by selecting Execute Now. You can import either all records or only new records since the start time of the last successful import, based on the system properties configured. For more information, see step 7c.
Activate the import	Activate the import by selecting the Active check box.
Save any schedule changes	Save any schedule changes by selecting Update.

オプション: When configuration items (CIs) are created in the CMDB, asset records are created.
The asset record contains the model category of the CI. For more information about the model categories for Operational Technology (OT), see Model categories for Operational Technology. To view the model category for an OT device, complete the following:
1. Navigate to All > Operational Technology (OT) > All OT Devices.
2. Select the OT device that you want to view the asset record for.
3. Next to the Asset field, select the Preview this record () icon.
4. Select Open Record.
オプション: To troubleshoot the Service Graph Connector Integration for Claroty CTD, complete the following:
1. Select the [OPTIONAL] Troubleshooting the Service Graph Connector for Claroty CTD section.
2. In the Execute the validations scheduled job task, select Configure.
3. Select Execute Now.
  This job performs tasks to validate the configurations for SGC and the connection to Claroty CTD. If configuration issues are found, the validation results report the problem and suggest troubleshooting steps. Wait for the scheduled job to finish.
4. Once the scheduled job is complete, navigate back to the [OPTIONAL] Troubleshooting the Service Graph Connector for Claroty CTD section.
5. In the Review validation results task, select Configure.
  This step opens the execution logs and suggestions of the last troubleshooting run for you to view.
6. Address the suggestions as needed.
  
  注:
  You can use the scheduled script at any point after the initial configuration of the Service Graph Connector Integration for Claroty CTD. To trigger validations, navigate to All > Service Graph Connector for Claroty CTD > Troubleshooting > Run Troubleshooting. To view the validation results, navigate to All > Service Graph Connector for Claroty CTD > Troubleshooting > Results.
  For additional information about troubleshooting issues while using the Service Graph Connector Integration for Claroty CTD, see Troubleshooting scenarios for the Service Graph Connector Integration for Claroty CTD (KB1502041).