Service Graph Connector Integration for Claroty CTD
Integrate Claroty Continuous Threat Detection (CTD) with the ServiceNow Operational Technology Manager application to import detected devices and Claroty CTD sites (sensor or Network Intrusion Detection System appliances).
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Supported versions
Claroty CTD Version:- 4.4.3 or later
- 5.1
Use cases
Use the Service Graph Connector Integration for Claroty Continuous Threat Detection with the Operational Technology Manager application to import the following information to the Configuration Management Database (CMDB)
- Sites
- Devices detected by each site
- Connections (or baselines)
- Installed programs
The following figure shows the detection method for importing Claroty CTD data into the CMDB.
Guided setup
The guided setup for the Service Graph Connector Integration for Claroty CTD provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.
CMDB integrations dashboard
The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.
Data mapping
Data from the Claroty CTD data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).
| Data source | Staging table |
|---|---|
| SG-OT Claroty CTD Devices | SG-OT Claroty CTD Devices Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_devices_import] |
| SG-OT Claroty CTD Baselines | SG-OT Claroty CTD Baselines Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_baselines_import] |
| SG-OT Claroty CTD Programs | SG-OT Claroty CTD Programs Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_programs_import] |
| SG-OT Claroty CTD Sites | SG-OT Claroty CTD Sites Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_sites_import] |
The imported data from the staging tables is then inserted into the following target tables:
- Computer [cmdb_ci_computer]
- Hardware [cmdb_ci_hardware]
- IP Address [cmdb_ci_ip_address]
- Network Adapter [cmdb_ci_network_adapter]
- OT Device Details [cmdb_ot_entity]
- OT Control Module [cmdb_ci_ot_control_module]
- OT Control System [cmdb_ci_ot_control]
- Serial Number [cmdb_serial_number]
For more information, see CMDB classes targeted.
Default query parameters for the Service Graph Connector Integration for Claroty CTD
By default, the Service Graph Connector Integration for Claroty CTD is shipped with query parameter filters. You can modify their values based on ServiceNow entitlements that you have with the IntegrationHub Enterprise package.
When you begin importing the data from the Claroty CTD, the Service Graph Connector Integration for Claroty CTD uses the default query parameter filters that are listed in the following table.
| Query parameter filter | Value | Description |
|---|---|---|
| approved_exact | true | Unapproved devices on the Claroty CTD aren’t imported because the value of approved_exact is set to true. |
| valid_exact | true | Invalid devices on the Claroty CTD aren’t imported because the value of valid_exact is set to true. |
| special_hint_exact | 0 | Address types that aren’t set to 0 (unicast) on the Claroty CTD aren’t imported. |
| ghost_exact | false | If there’s an device on the Claroty CTD that is classified as a ghost, the Service Graph Connector Integration for Claroty CTD doesn’t import it because the default value is set to false. |