SaaS Security Administrator's Guide
    : Begin Scanning a ServiceNow App
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. Data Security
    5. Secure Sanctioned SaaS Apps on Data Security
    6. Add Cloud Apps to Data Security
    7. Begin Scanning a ServiceNow App
    Download PDF

    SaaS Security Administrator's Guide

    Begin Scanning a ServiceNow App

    Table of Contents

    Begin Scanning a ServiceNow App

    Learn how to add a ServiceNow app so that Data Security can protect your assets against data exfiltration and malware propagation.
    To connect ServiceNow to Data Security and begin scanning files and folders, you need to:
    • Ensure that you have a ServiceNow account which has sufficient privileges.
    • Grant Data Security access to ServiceNow.
    • Add the ServiceNow app to Data Security, providing Data Security information about your ServiceNow.
    Support for automated remediation capabilities varies by SaaS application.

    Add ServiceNow App

    In order for Data Security to scan assets, you must consent to specific permissions during the course of adding the ServiceNow app. Without the requested permissions, Data Security can't authenticate with ServiceNow and can't scan assets, even after you successfully install the ServiceNow app.
    1. (Recommended) Add your ServiceNow app domain as an internal domain.
    2. Register Data Security in the ServiceNow management console.
      1. Log in to the ServiceNow management console as admin.
      2. Select System OAuthApplication Registry.
      3. Select NewCreate an OAuth API endpoint for external clients.
      4. Enter a unique Name for Data Security.
      5. If you're using the Istanbul and later releases, enter a Redirect URI or URL. The redirect you enter depends on the Data Security location:
        For North America, use:
        https://app.aperture.paloaltonetworks.com/auth/servicenow/callback
        For Europe, use:
        https://app.aperture-eu.paloaltonetworks.com/auth/servicenow/callback
        For Asia-Pacific, use:
        https://app.aperture-apac.paloaltonetworks.com/auth/servicenow/callback
        For India, use:
        https://app.in1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
        For Japan, use:
        https://app.jp1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
        For UK, use:
        https://app.uk2.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
        For Australia, use:
        https://app.au1.prisma-saas.paloaltonetworks.com/auth/servicenow/callback
      6. Submit your changes.
    3. To add the ServiceNow app on Data Security, go to Data SecurityApplicationsAdd ApplicationServiceNow.
      1. Log in to the ServiceNow app.
        • For Istanbul and later releases, enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret.
        • For earlier releases (Fuji, Geneva, or Helsinki) enter the ServiceNow URL (for example, https://acmecorp.service-now.com/), Client ID, and Client Secret. Also, enter the Username and Password for your ServiceNow account.
        You can copy the client ID and client secret from the System OAuthApplication Registry page in the ServiceNow management console.
      2. Click OK.
      3. Allow Data Security access to the ServiceNow account.
        After authentication, the new ServiceNow app is added to the list of Cloud Apps as ServiceNow n, where n represents the number of ServiceNow app instances you have connected to Data Security. The instance displays a list of available tables.
    4. Next step: Proceed to Customize ServiceNow App.

    Customize ServiceNow App

    Customizations include modifying your ServiceNow app name.
    1. (Optional) Give a descriptive name to this app instance.
      1. Go to Settings and select the ServiceNow n instance listed.
      2. Enter a descriptive Name to differentiate this instance of ServiceNow from other instances.
    2. (Recommended) Enter an Admin UserName (for example, admin@servicenow.com).
      As a best practice, create a separate administrator account and use that email address for Data Security. If you opt to use an existing admin account instead of a new account, the administrator activities are not tracked on Data Security. Creating a separate account enables you to monitor events generated by ServiceNow administrators on ExploreActivities.
    3. Click Done to save your changes.
    4. Next step: Proceed to Identify Risks.

    Identify Risks

    When you add a new cloud app, then enable scanning, Data Security automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
    1. Start scanning the new ServiceNow app for risks.
    2. Monitor the scan results.
      During the discovery phase, as Data Security scans files and matches them against enabled policy rules, verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, proceed to next step to improve your results.
    3. (Optional) Modify match criteria for existing policy rules.
    4. (Optional) Add new policy rules.
      Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
    5. (Optional) Configure or edit a data pattern.
      You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.

    Tables Scanned by DLP

    The DLP service scans the following database tables on ServiceNow. To enforce best practice, the SaaS Security web interface does not allow you to add or remove database tables from scans: SaaS administrators need to consult with the database administrator before adding or removing tables from scans. After consulting with your database administrator, contact Palo Alto Networks Customer Support to manually add or remove a table.
    If ServiceNow does not expose a given database table, the DLP service can't scan it.
    change_phase
    change_request
    change_request_imac
    change_task
    cmdb
    incident
    incident_task
    kb_knowledge
    kb_submission
    problem
    problem_task
    release_phase
    release_task
    task
    ticket
    sc_req_item
    sc_request
    sc_task
    sn_hr_core_beneficiary
    sn_hr_core_benefit
    sn_hr_core_benefit_provider
    sn_hr_core_benefit_type
    sn_hr_core_bonus
    sn_hr_core_case
    sn_hr_core_case_operations
    sn_hr_core_case_payroll
    sn_hr_core_case_relations
    sn_hr_core_case_talent_management
    sn_hr_core_case_total_rewards
    sn_hr_core_case_workforce_admin
    sn_hr_core_direct_deposit
    sn_hr_core_op_report
    sn_hr_core_op_report_frequency
    sn_hr_core_op_report_type
    sn_hr_core_op_system
    sn_hr_core_op_system_to_report_type
    sn_hr_core_profile_bank_account
    sn_hr_core_retirement_benefit
    sn_hr_core_task
    sn_hr_core_tuition_reimbursement
    sn_si_incident
    sn_si_request
    sn_si_task
    sysapproval_group

    © 2025 Palo Alto Networks, Inc. All rights reserved.