Service Graph Connector Integration for Claroty CTD
Summary of Service Graph Connector Integration for Claroty CTD
The Service Graph Connector Integration for Claroty Continuous Threat Detection (CTD) enables ServiceNow Operational Technology Manager customers to import detailed OT asset data detected by Claroty CTD directly into their Configuration Management Database (CMDB). This integration supports Claroty CTD versions 4.4.3 and later, including version 5.1.
By integrating these systems, customers can maintain an accurate, up-to-date inventory of OT devices, sites, connections, and installed programs, enhancing operational visibility and security posture.
Key Features
- Data Import: Automatically imports Claroty CTD sites (sensors or Network Intrusion Detection System appliances), detected devices, baseline connections, and installed programs into the CMDB.
- Guided Setup: A structured, step-by-step guided setup simplifies configuration of the integration within your ServiceNow instance.
- CMDB Integrations Dashboard: Provides centralized monitoring of integration status, processing results, and errors through the Integration Commons for CMDB app, allowing filtering by integration type, time, or run.
- Data Mapping and Processing: Uses the Robust Transform Engine (RTE) and Identification and Reconciliation Engine (IRE) to accurately map Claroty CTD data into ServiceNow CMDB classes such as computers, hardware, IP addresses, OT devices, and control modules.
- Default Query Filters: Imports only approved, valid, and unicast devices by default, excluding unapproved, invalid, ghost, or multicast devices. These filters can be customized based on customer entitlements with IntegrationHub Enterprise.
- Sensor Validation: Validates Network Intrusion Detection System (NIDS) sensors to ensure they are not in learning mode before allowing device import, ensuring data quality.
- Connection Management: Access all connection details through the common connection framework (CCF) within the Integration Commons for CMDB app for streamlined integration management.
Key Outcomes
- Comprehensive and accurate CMDB population with OT device and site data detected by Claroty CTD, improving asset visibility and security management.
- Improved operational efficiency through automated data synchronization and monitoring dashboards.
- Flexibility to tailor data import filters and validation steps to align with organizational policies and ServiceNow entitlements.
- Streamlined integration setup and ongoing management via guided setup and centralized connection views.
Integrate Claroty Continuous Threat Detection (CTD) with the ServiceNow Operational Technology Manager application to import detected devices and Claroty CTD sites (sensor or Network Intrusion Detection System appliances).
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Supported versions
Claroty CTD Version:
- 4.4.3 or later
- 5.1
Use cases
Use the Service Graph Connector Integration for Claroty Continuous Threat Detection with the Operational Technology Manager application to import the following information to the Configuration Management Database (CMDB):
- Sites
- Devices detected by each site
- Connections (or baselines)
- Installed programs
The following figure shows the detection method for importing Claroty CTD data into the CMDB.
Guided setup
The guided setup for the Service Graph Connector Integration for Claroty CTD provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.
CMDB integrations dashboard
The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.
Data mapping
Data from the Claroty CTD data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).
| Data source | Staging table |
|---|---|
| SG-OT Claroty CTD Devices | SG-OT Claroty CTD Devices Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_devices_import] |
| SG-OT Claroty CTD Baselines | SG-OT Claroty CTD Baselines Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_baselines_import] |
| SG-OT Claroty CTD Programs | SG-OT Claroty CTD Programs Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_programs_import] |
| SG-OT Claroty CTD Sites | SG-OT Claroty CTD Sites Import [sn_clarotyctdsgc_sg_ot_claroty_ctd_sites_import] |
The imported data from the staging tables is then inserted into the following target tables:
- Computer [cmdb_ci_computer]
- Hardware [cmdb_ci_hardware]
- IP Address [cmdb_ci_ip_address]
- Network Adapter [cmdb_ci_network_adapter]
- OT Device Details [cmdb_ot_entity]
- OT Control Module [cmdb_ci_ot_control_module]
- OT Control System [cmdb_ci_ot_control]
- Serial Number [cmdb_serial_number]
For more information, see CMDB classes targeted.
Default query parameters for the Service Graph Connector Integration for Claroty CTD
By default, the Service Graph Connector Integration for Claroty CTD is shipped with query parameter filters. You can modify their values based on ServiceNow entitlements that you have with the IntegrationHub Enterprise package.
When you begin importing the data from the Claroty CTD, the Service Graph Connector Integration for Claroty CTD uses the default query parameter filters that are listed in the following table.
| Query parameter filter | Value | Description |
|---|---|---|
| approved_exact | true | Unapproved devices on the Claroty CTD aren’t imported because the value of approved_exact is set to true. |
| valid_exact | true | Invalid devices on the Claroty CTD aren’t imported because the value of valid_exact is set to true. |
| special_hint_exact | 0 | Address types that aren’t set to 0 (unicast) on the Claroty CTD aren’t imported. |
| ghost_exact | false | If there’s a device on the Claroty CTD that is classified as a ghost, the Service Graph Connector Integration for Claroty CTD doesn’t import it because the default value is set to false. |
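
The following is an added example, not ServiceNow or Claroty code: a local dry run that applies the default filters from the table to device records and reports which records would be left out of the CMDB and which filter excluded them. It assumes each `<field>_exact` filter is an equality match on a record field named `<field>`; the record field names and the sample records are constructed for illustration.

```python
"""Added example: local dry run of the connector's default device filters."""

# Default query parameter filters, copied from the table above.
DEFAULT_FILTERS = {
    "approved_exact": True,
    "valid_exact": True,
    "special_hint_exact": 0,   # 0 = unicast
    "ghost_exact": False,
}

def failed_filters(device, filters=DEFAULT_FILTERS):
    """Return the names of the filters this device record does not satisfy."""
    failed = []
    for param, wanted in filters.items():
        # Assumption: "<field>_exact" is an equality match on <field>.
        field = param[: -len("_exact")]
        actual = device.get(field)  # a missing field never matches
        # Compare type as well as value: in Python False == 0, so a loose
        # comparison would treat special_hint=False as unicast.
        if type(actual) is not type(wanted) or actual != wanted:
            failed.append(param)
    return failed

def partition(devices, filters=DEFAULT_FILTERS):
    """Split records into imported names and excluded names with their reasons."""
    imported, excluded = [], {}
    for dev in devices:
        failed = failed_filters(dev, filters)
        if failed:
            excluded[dev["name"]] = failed
        else:
            imported.append(dev["name"])
    return imported, excluded

# Constructed sample records (hypothetical field names and values).
SAMPLE_DEVICES = [
    {"name": "plc-01", "approved": True, "valid": True, "special_hint": 0, "ghost": False},
    {"name": "hmi-02", "approved": False, "valid": True, "special_hint": 0, "ghost": False},
    {"name": "mcast-03", "approved": True, "valid": True, "special_hint": 1, "ghost": False},
    {"name": "ghost-04", "approved": True, "valid": True, "special_hint": 0, "ghost": True},
    {"name": "eng-ws-05", "approved": False, "valid": False, "special_hint": 0, "ghost": False},
    {"name": "rtu-06", "approved": True, "valid": True, "ghost": False},  # special_hint missing
]

if __name__ == "__main__":
    imported, excluded = partition(SAMPLE_DEVICES)
    print("imported:", imported)
    for name, reasons in excluded.items():
        print(f"excluded: {name} failed {', '.join(reasons)}")
```

The excluded set is the part of the detected OT inventory that the CMDB will not contain under the default filters, so it is the list to review when reconciling CMDB records against what Claroty CTD reports.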