Cloudflare Docs
Cloudflare Zero Trust
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
View GitHub RSS feed
Set theme to dark (⇧+D)

ServiceNow

The ServiceNow integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated ServiceNow instance that could leave you and your organization vulnerable.

​​ Integration prerequisites

​​ Integration permissions

For the ServiceNow integration to function, Cloudflare CASB requires the following permissions:

  • Global application scope

These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about each permission, refer to the ServiceNow Application scope documentation.

​​ Security findings

The ServiceNow integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

To stay up-to-date with new CASB findings as they are added, bookmark this page or subscribe to its RSS feed.

​​ Instance security

Identify security risks related to the ServiceNow instance itself.

FindingSeverity
ServiceNow Production Instance with exposed admin credentialsCritical
ServiceNow Production Instance with exposed database user credentialsHigh
ServiceNow Instance with exposed admin credentialsHigh
ServiceNow Instance with exposed database user credentialsMedium

​​ User security

Flag user-related security risks and misconfigurations.

FindingSeverity
ServiceNow user with pending password resetHigh
ServiceNow user with 3+ failed login attemptsMedium
ServiceNow user with locked accountLow
ServiceNow user without MFA enabledLow
ServiceNow user with no assigned rolesLow
ServiceNow user inactiveLow
ServiceNow user without recent activityLow

​​ Incident management

Identify issues related to ServiceNow incidents.

FindingSeverity
ServiceNow incident with no assigned user and High PriorityHigh
ServiceNow incident with no assigned userMedium

​​ Knowledge management

Highlight potential misconfigurations in ServiceNow knowledge articles.

FindingSeverity
ServiceNow knowledge article without expiration dateLow
ServiceNow knowledge article without any rolesLow
ServiceNow knowledge article with flagged statusLow

​​ Integration and access

Detect issues related to ServiceNow integrations and access controls.

FindingSeverity
ServiceNow Internal Integration userLow
ServiceNow Web Service Access only userLow