Cortex Xpanse ServiceNow App is configured after installation.
Once you have installed the Cortex Xpanse ServiceNow App, do the following to configure the App:
In the Filter Navigator, search for
Incident Mappings
. There are mappings defined as defaults, but these can be changed by clicking on the underlined Exposure Level, modifying the mapping using the drop-down, and clicking Update. Unmapped exposure levels do not have an incident level defined.In the Filter Navigator, search for
Event Types
, and select Event Types. There are default values for which event types should trigger incidents. To change these default settings, simply click the event type, and select or clear the Create Incident checkbox. When finished, click Update to propagate the change. Updating this default setting affects future incident creation only. Incidents are not recorded for unmapped event types.In the Filter Navigator on the left pane, search for
Expander
. Under the Expander section, select Expander Properties.Click the Expanse API Token field (listed as x_429990_expanse_a.api_token) and under Value, specify the Expander API Bearer token. To complete this step, click Update at the top right of the window, saving your Expander API token for the ServiceNow integration to use when calling Expander APIs. This update kicks off the ingestion of Expander data to generate ServiceNow incidents.