Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

ServiceNow Policy Incidents

The Policy Incidents page is a central repository of all incidents that have violated Policies. All services are consolidated on this page, or you can choose to view the violations occurring in just the ServiceNow service.

Find the page at The Incidents > Policy Incidents. For more information, see Policy Incidents Page.
clipboard_e42f1b22b13acd7b67c2bfa9906832790.png

Request Item Number (RITM) in ServiceNow 

You can request an item in ServiceNow through the Service Catalog to get a Request Number and a RITM number. When you order the item through CMS or the Service Portal, ServiceNow uses a process called Request Fulfillment. For example, you can request a mobile phone, virtual desktop, PC Refresh, or system access. For more information about RITM, see ServiceNow Catalog Request Fulfillment.

Create a Request in Service Catalog

To request an item in Service Catalog:

  1. Go to Service Catalog > Categories and select the required item.
    clipboard_eb8fd78b230293bbf0e05068cde186146.png 
  2. Click Order Now.
    clipboard_e62caa385f029c43cd3ef76b7255fafc3.png
  3. Enter the details and click Checkout.
    clipboard_e09111e5fc8735bac1e216173ec68174b.png
  4. The RITM number and Request Number are created.
    clipboard_ec194fcf360985c001686f80cc3a5afef.png

ServiceNow Catalog Request Fulfillment

To create a request through catalog fulfillment, see Create a Request. The Request Fulfillment has different variables in different fields. You can also see attachments in ServiceNow. These fields or attached files can contain sensitive information. The Skyhigh CASB DLP policy detects sensitive information, and if a policy is violated, then incidents are generated. 
clipboard_e7ea2ae3f4680397de91ad3788aff4596.png

Here you can see the details of DLP violations in ServiceNow fields or file attachments in Service Catalog Request Fulfillment. You can also detect the RITM to see the ServiceNow fields or files where the DLP violation occurred.

On the Policy Incidents page, copy the specific sys_id and open it in ServiceNow to view the RITM number where the DLP violations have occurred as shown below.

To view the DLP violation details in ServiceNow:

  1. Go to Incidents > Policy Incidents
  2. Under Service Name, select the ServiceNow. Click any incident in the table to see the Details pane for that incident. 
    clipboard_e665c4d58d292545597ac29b10673d7fa.png
  3. The Item Name displays the URLs of objects (fields) and attachments (file) that provide the details of violations in ServiceNow.
    clipboard_efc729026295a8afcf7d57fcd47b6e5b2.png
  4. For field violations, you can construct a URL for the object. Copy the URL from the item name and paste it into the browser after the proxy URL as shown below:
    • If there is a RITM incident in the Item Name, construct the URL as: https://<Proxy URL>/sc_req_item.do?sys_id=567f52942fa01010f2283c96f699b6a0
    • If there is an incident in the Item Name, construct the URL as: https://<ProxyURL>/incident.do?sys_id=567f52942fa01010f2283c96f699b6a0
      clipboard_ed84a4ad8c70d74c7952c3e424af3f059.png
  5. For file violations, you can construct a URL for the attachment. Copy the URL from the Item Name and paste it into the browser after the proxy URL to access the violated file directly as shown:
    https://<ProxyURL>/sys_attachment_list.do?sysparm_query=table_sys_id%3D567f52942fa01010f2283c96f699b6a0^file_name%3Dnotworking.docx
    21aaaa.png
  6. The DLP Policy violations details are shared via notifications, if configured, in the following format:
    clipboard_e5b98b33fec4368153d629e282cdbbc57.png
     
  • Was this article helpful?