Service Graph Connector Integration for Claroty CTD
Summary of Service Graph Connector Integration for Claroty CTD
The Service Graph Connector Integration for Claroty Continuous Threat Detection (CTD) enables users to seamlessly integrate Claroty CTD with the ServiceNow Operational Technology Manager application. This integration allows for the importation of detected devices and sites, enhancing the Configuration Management Database (CMDB) with critical security data.
Key Features
- Supported Versions: Compatible with Claroty CTD versions 4.4.3 and later.
- Data Import: The integration facilitates the import of sites, detected devices, connections, and installed programs into the CMDB.
- Guided Setup: Provides an organized sequence for configuring the integration.
- CMDB Integrations Dashboard: Offers a central view to monitor the status and results of all integrations, allowing for filtering by time or integration run.
- Data Mapping: Utilizes the Robust Transform Engine (RTE) for data mapping from Claroty CTD to ServiceNow CMDB classes.
- Default Query Parameters: Includes built-in filters to control the import of devices based on approval and validation status.
Key Outcomes
By integrating with the ServiceNow platform, organizations can enhance their operational visibility, improve security incident response, and maintain accurate asset records in the CMDB. This integration ensures that only relevant and validated data from Claroty CTD is imported, streamlining asset management and threat detection processes.
Integrate Claroty Continuous Threat Detection (CTD) with the ServiceNow Operational Technology Manager application to import detected devices and Claroty CTD sites (sensor or Network Intrusion Detection System appliances).
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Supported versions
Claroty CTD Version:
- 4.4.3 or later
- 5.1
Use cases
Use the Service Graph Connector Integration for Claroty Continuous Threat Detection with the Operational Technology Manager application to import the following information to the Configuration Management Database (CMDB):
- Sites
- Devices detected by each site
- Connections (or baselines)
- Installed programs
The following figure shows the detection method for importing Claroty CTD data into the CMDB.
Guided setup
The guided setup for the Service Graph Connector Integration for Claroty CTD provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.
CMDB integrations dashboard
The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.
Data mapping
Data from the Claroty CTD data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).
| Data source | Staging table |
|---|---|
| SG-OT Claroty CTD Devices | SG-OT Claroty CTD Devices Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_devices_import] |
| SG-OT Claroty CTD Baselines | SG-OT Claroty CTD Baselines Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_baselines_import] |
| SG-OT Claroty CTD Programs | SG-OT Claroty CTD Programs Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_programs_import] |
| SG-OT Claroty CTD Sites | SG-OT Claroty CTD Sites Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_sites_import] |
The imported data from the staging tables is then inserted into the following target tables:
- Computer [cmdb_ci_computer]
- Hardware [cmdb_ci_hardware]
- IP Address [cmdb_ci_ip_address]
- Network Adapter [cmdb_ci_network_adapter]
- OT Device Details [cmdb_ot_entity]
- OT Control Module [cmdb_ci_ot_control_module]
- OT Control System [cmdb_ci_ot_control]
- Serial Number [cmdb_serial_number]
For more information, see CMDB classes targeted.
Default query parameters for the Service Graph Connector Integration for Claroty CTD
By default, the Service Graph Connector Integration for Claroty CTD is shipped with query parameter filters. You can modify their values based on ServiceNow entitlements that you have with the IntegrationHub Enterprise package.
When you begin importing the data from the Claroty CTD, the Service Graph Connector Integration for Claroty CTD uses the default query parameter filters that are listed in the following table.
| Query parameter filter | Value | Description |
|---|---|---|
| approved_exact | true | Unapproved devices on the Claroty CTD aren’t imported because the value of approved_exact is set to true. |
| valid_exact | true | Invalid devices on the Claroty CTD aren’t imported because the value of valid_exact is set to true. |
| special_hint_exact | 0 | Address types that aren’t set to 0 (unicast) on the Claroty CTD aren’t imported. |
| ghost_exact | false | If there’s a device on the Claroty CTD that is classified as a ghost, the Service Graph Connector Integration for Claroty CTD doesn’t import it because the default value is set to false. |
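
The following added example (not ServiceNow or Claroty code) applies the default filter values from the table to a device inventory and reports which devices would not reach the CMDB, and why, so that coverage gaps can be reviewed. The device field names `approved`, `valid`, `special_hint`, and `ghost` are assumptions derived from the filter names, and the sample devices are constructed.

```javascript
// Default query parameter filters, copied from the table above.
const DEFAULT_FILTERS = {
  approved_exact: true,
  valid_exact: true,
  special_hint_exact: 0,
  ghost_exact: false,
};

// Assumption: each device record has a field named like the filter
// without the "_exact" suffix (approved, valid, special_hint, ghost).
// Returns the reasons a device fails the filters; empty means it passes.
function exclusionReasons(device, filters = DEFAULT_FILTERS) {
  const reasons = [];
  for (const [param, expected] of Object.entries(filters)) {
    const field = param.replace(/_exact$/, "");
    if (!(field in device)) {
      // This audit flags incomplete records for review instead of guessing.
      reasons.push(`${field} missing`);
    } else if (device[field] !== expected) {
      reasons.push(`${field}=${device[field]} (filter wants ${expected})`);
    }
  }
  return reasons;
}

// Split an inventory into devices the filters let through and devices they skip.
function auditInventory(devices, filters = DEFAULT_FILTERS) {
  const imported = [];
  const skipped = [];
  for (const device of devices) {
    const reasons = exclusionReasons(device, filters);
    if (reasons.length === 0) imported.push(device.name);
    else skipped.push({ name: device.name, reasons });
  }
  return { imported, skipped };
}

// Constructed sample inventory (not real Claroty CTD output).
const SAMPLE_DEVICES = [
  { name: "plc-line1", approved: true, valid: true, special_hint: 0, ghost: false },
  { name: "hmi-new", approved: false, valid: true, special_hint: 0, ghost: false },
  { name: "bcast-addr", approved: true, valid: true, special_hint: 1, ghost: false },
  { name: "ghost-7", approved: true, valid: false, special_hint: 0, ghost: true },
];

const report = auditInventory(SAMPLE_DEVICES);
console.log("imported:", report.imported);
for (const s of report.skipped) console.log("skipped:", s.name, "-", s.reasons.join("; "));
```

Passing a modified filter object as the second argument to `auditInventory` shows how a changed query parameter value would alter the set of imported devices.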