Unified experience framework for integrations powered by Capability Framework

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Unified experience framework for integrations powered by Capability Framework

    The Unified Experience Framework enhances orchestration activities in ServiceNow's new workspace by providing a consistent, streamlined interface across various security integration capabilities. Unlike the classic UI where each capability operated independently, this framework offers a cohesive user experience for integrations and orchestration activities governed by the Capability Framework. However, some integration-specific actions may retain unique interfaces based on their use case requirements.

    Show full answer Show less

    Key Features

    • Three-step modal workflow: The framework uses modal screens structured into up to three steps for executing capabilities:
      • Step 1 - Implementations: Users select one or more implementations related to the chosen capability, each showing details such as the integration source and additional context (e.g., supported observable types or filters).
      • Step 2 - Common Inputs: For selected implementations, users enter inputs common to all, applicable only when needed (e.g., Sightings Search capability).
      • Step 3 - Runtime Details: Users provide specific inputs unique to each selected implementation, if required.
    • Configurable Additional Information: Administrators can configure static contextual information displayed alongside each implementation to assist analysts in making informed selections.
    • Backend filtering of observables: The UI allows selection of any implementation or observable type, but backend logic ensures only supported observables are submitted, improving data accuracy and relevance.
    • Unified capability and modal screen mapping: Different capabilities correspond with specific modal screen combinations, enabling tailored user experiences while maintaining consistency.

    Benefits for ServiceNow Customers

    • Improved Analyst Efficiency: The unified framework reduces confusion and context switching by standardizing orchestration activities within a single, intuitive interface.
    • Flexible Integration Management: Customers can easily manage and configure multiple implementations per capability, with clear visibility into integration sources and constraints.
    • Enhanced Data Integrity: Built-in backend filtering ensures only supported data types proceed, minimizing errors and irrelevant submissions.
    • Customizable User Experience: Ability to configure additional information and input steps supports diverse use cases and evolving organizational needs.

    Overall, this framework empowers ServiceNow security teams to execute complex integration workflows more smoothly and reliably within the updated workspace environment.

    In the classic UI, the experience is disjointed when performing orchestration activities such as running threat look, performing sighting search, and so on. Each capability has its own experience while executing it. In the new workspace, there is unified experience across all capabilities.

    The unified experience is applicable only for those integrations and orchestration activities that fall within the capability framework. There can be actions specific to integration, for example, Create Indicators in Microsoft Defender. These actions will have its own experience as required by the use-case.

    The new framework consists of modal screens with three steps as explained below.

    1. Implementations: The first step involves selecting one or more implementations that are present against the selected capability.

      For example, when the Analyst clicks Run Threat Look Up, the Analyst will be able to select one or more implementations that are present for Run Threat Look Up capability.

      Each implementation will have the details of the Integration Source. Refer to the table below. Additional information is also presented against each implementation.

      Additional Information can include for example information on any filters, types of observables supported, etc. The Additional Information can be configured as desired. For more information, to UX framework technical configuration procedure.

      Table 1. Unified Implementation Framework Modal
      Implementation Description
      Name Name of the implementation.
      Integration Source The source of the implementation such as the configuration that is being used.
      Additional Information This column captures the static information which adds more context to the security analyst against the selected implementation(s) to proceed with an action. For example, supportability or filtered information. Also, if an implementation supports only a certain type of observables such as Domain or URL, then you can add that additional information here in this column to provide the context to the user.
      Note:
      The UI framework would basically allow the selection of any type of implementation and any type of observables. During the submission, the existing base system integrations that are shipped will take care of the filtering in the backend and submit only the supported type of observables. The rest of the records that don't match the supportability will be ignored. Hence, a UI information message is displayed while you select the capability: Only supported records will be submitted against the selected implementation(s).
      Figure 1. Screen 1: Implementation(s)
      Run Threat Lookup view: Available Implementations.
    2. Common inputs: Add common inputs for the selected implementations or for all the selected applicable implementations. This is the screen 2 of your implementation. For example, as of now only Sightings Search has the common inputs screen. This implementation is a combination of screen 1 (Implementations) and screen 2 (common inputs).
      Figure 2. Screen 1 + Screen 2
      Run Sighting Search view: Common inputs.
    3. Run time details: Add specific run time inputs for the selected implementations which are different from each other implementation. This is the screen 3 of your implementation. This implementation is a combination of screen 1 (Implementations) and screen 3 (specific run time inputs).
      Figure 3. Specific inputs
      Run Additional Actions view: Run time details.
    Note:
    Not all three steps are always required. Depending on the capability and the type of inputs required, the runtime details step and common inputs step will be visible.