Overview
twigs allows you to ingest inventory from ServiceNow CMDB as assets in ThreatWorx. This includes software inventory as well. Twigs supports two modes of authentication with ServiceNow instance as below:
- User name & password based authentication
- Client ID & secret based authentication via OAuth
Pre-requisites
ServiceNow python SDK – pysnow is required. This will be installed automatically as part of twigs installation or can be separately installed via the ‘pip’ command.
To setup OAuth (client ID & secret), please refer to ServiceNow Community Blog.
Authenticated user (via user name/password or client Id/secret) needs read permissions for alm_entitlement_asset and cmdb_ci_computer tables.
Steps
For user name & password based authentication with ServiceNow use the command below:
twigs servicenow --snow_instance SNOW_INSTANCE --snow_user SNOW_USER --snow_user_pwd SNOW_USER_PWD [--enable_tracking_tags]
For client ID & secret based OAuth authentication with ServiceNow use the command below:
twigs servicenow --snow_instance SNOW_INSTANCE --snow_client_id SNOW_CLIENT_ID --snow_client_secret SNOW_CLIENT_SECRET [--enable_tracking_tags]
You can use “enable_tracking_tags” to track ServiceNow instance name and asset_tag from ServiceNow in ThreatWorx.
Example
$ twigs servicenow --snow_instance dev1234 --snow_user 'admin' --snow_user_pwd 'password' --enable_tracking_tags
Ingest your ServiceNow systems as assets in ThreatWorx using Password flow
$ twigs servicenow --snow_instance dev1234 --snow_client_id 'fe2342....er5' --snow_client_secret 'secret' --enable_tracking_tags
Ingest your ServiceNow systems as assets in ThreatWorx using OAuth flow (client ID and secret)