Unified experience framework for integrations powered by Capability Framework
Summary of Unified experience framework for integrations powered by Capability Framework
The Unified Experience Framework enhances orchestration activities within ServiceNow's new workspace by providing a consistent, streamlined interface for integration capabilities. Unlike the classic UI, where each integration action had a separate experience, this framework consolidates these actions into a unified modal workflow for integrations that fall under the capability framework. This unified approach improves efficiency and usability for analysts performing tasks such as threat lookups and sighting searches.
Note that some integration-specific actions (e.g., Create Indicators in Microsoft Defender) retain unique experiences due to their specialized use cases.
Key Features
- Three-step modal workflow: The framework organizes integration activities into up to three modal screens:
  - Implementations: Analysts select one or more implementations linked to a chosen capability. Each implementation details the integration source and additional configurable contextual information such as supported observable types or filters.
  - Common Inputs: This optional step gathers inputs common across all selected implementations. Currently, it is primarily used for the Sighting Search capability.
  - Run Time Details: This optional step collects inputs specific to individual implementations.
- Contextual Information Display: Additional information columns help analysts understand implementation constraints and supportability, including observable type compatibility, improving decision-making during action execution.
- Backend Filtering: While the UI allows selecting any implementation or observable type, backend logic filters unsupported records to ensure only valid data is submitted, with informational messages guiding users accordingly.
Practical Impact for ServiceNow Customers
- Provides a unified, intuitive interface for executing orchestration activities across multiple integrations, reducing cognitive load and disjointed workflows.
- Enables customized configuration of additional information per implementation to enhance the analyst’s context and accuracy in selecting integration sources.
- Supports flexible input collection tailored to the needs of each capability and integration, ensuring relevant data is captured efficiently.
- Improves data integrity and processing by filtering incompatible observables in the backend while maintaining a user-friendly frontend experience.
Next Steps
ServiceNow customers can leverage this framework to enhance security operations by adopting the unified modal workflow for supported integrations. For detailed customization and technical configuration, refer to the UX framework technical configuration procedure.
In the classic UI, the experience is disjointed when performing orchestration activities such as running a threat lookup, performing a sighting search, and so on. Each capability has its own experience while executing it. In the new workspace, there is a unified experience across all capabilities.
The unified experience applies only to those integrations and orchestration activities that fall within the capability framework. There can be actions specific to an integration, for example, Create Indicators in Microsoft Defender. These actions have their own experience as required by the use case.
The new framework consists of modal screens with three steps as explained below.
- Implementations: The first step involves selecting one or more implementations that are present against the selected capability.
For example, when the Analyst clicks Run Threat Look Up, the Analyst will be able to select one or more implementations that are present for Run Threat Look Up capability.
Each implementation will have the details of the Integration Source. Refer to the table below. Additional information is also presented against each implementation.
Additional Information can include, for example, information on any filters, the types of observables supported, and so on. The Additional Information can be configured as desired. For more information, refer to the UX framework technical configuration procedure.
Table 1. Unified Implementation Framework Modal

| Implementation | Description |
| --- | --- |
| Name | Name of the implementation. |
| Integration Source | The source of the implementation, such as the configuration that is being used. |
| Additional Information | This column captures static information that gives the security analyst more context about the selected implementation(s) before proceeding with an action, for example, supportability or filtered information. If an implementation supports only certain types of observables, such as Domain or URL, you can add that information in this column to provide context to the user. |

Note: The UI framework allows the selection of any type of implementation and any type of observables. During submission, the existing base system integrations that are shipped take care of the filtering in the backend and submit only the supported types of observables. Records that don't match the supportability are ignored. Hence, a UI information message is displayed when you select the capability: Only supported records will be submitted against the selected implementation(s).

Figure 1. Screen 1: Implementation(s)

- Common inputs: Add common inputs for the selected implementations or for all the selected applicable implementations. This is screen 2 of your implementation. For example, as of now only Sightings Search has the common inputs screen. This implementation is a combination of screen 1 (Implementations) and screen 2 (common inputs).

Figure 2. Screen 1 + Screen 2

- Run time details: Add specific run time inputs for the selected implementations that differ from one implementation to another. This is screen 3 of your implementation. This implementation is a combination of screen 1 (Implementations) and screen 3 (specific run time inputs).

Figure 3. Specific inputs
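
The note on backend filtering says that records not matching an implementation's supportability are ignored at submission. The following added example (not ServiceNow code; the data shapes, function name and type labels are hypothetical) models that filtering and also lists the observables that no selected implementation accepted, so an analyst can see which ones were never processed.

```javascript
// Added illustration. All names here are hypothetical, not a ServiceNow API.
// Constructed sample: implementations selected on screen 1, each with the
// observable types it accepts (the kind of detail shown as Additional Information).
const implementations = [
  { name: 'Lookup A', source: 'Config A', supportedTypes: ['Domain', 'URL'] },
  { name: 'Lookup B', source: 'Config B', supportedTypes: ['IP', 'Domain'] },
];

// Constructed sample: observables the analyst selected before running the capability.
const observables = [
  { value: 'example.test', type: 'Domain' },
  { value: 'https://example.test/a', type: 'URL' },
  { value: '192.0.2.10', type: 'IP' },
  { value: 'invoice.pdf', type: 'File' },
];

// For each implementation, split the selection into what would be submitted
// and what would be ignored, then report observables nobody accepted.
function planSubmissions(impls, obs) {
  const plan = impls.map((impl) => {
    const supported = new Set(impl.supportedTypes.map((t) => t.toLowerCase()));
    const submitted = [];
    const ignored = [];
    for (const o of obs) {
      const bucket = supported.has(o.type.toLowerCase()) ? submitted : ignored;
      bucket.push(o.value);
    }
    return { implementation: impl.name, submitted, ignored };
  });

  // An observable ignored by every selected implementation was not processed at all.
  const covered = new Set(plan.flatMap((p) => p.submitted));
  const uncovered = obs.map((o) => o.value).filter((v) => !covered.has(v));
  return { plan, uncovered };
}

const result = planSubmissions(implementations, observables);
console.log(JSON.stringify(result, null, 2));
```
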