Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Create an On-Demand Scan for ServiceNow

Create an On-Demand Scan to scan your ServiceNow environment to detect data loss prevention and malware issues. 


Before you begin the On-Demand Scan for ServiceNow, complete the ServiceNow API Integration in Skyhigh CASB. For details, see ServiceNow API Integration Setup.


  • To enable the ServiceNow ODS scan for your tenant, contact Skyhigh Security Support.
  • After ServiceNow API Integration Setup, wait for an hour to configure ODS Scan because the files, connect chats, and table in ODS Scan UI will be visible after an hour.

Create an On-Demand Scan

To create an On-Demand scan:

  1. Log in to Skyhigh CASB.
  2. Go to Policy > On-Demand Scan.
  3. Click Actions > Create a Scan. The Scan Creation Wizard displays. 
    • Scan Type. Select Data Loss Prevention (DLP) & Malware.
    • Name. Enter the name for the scan.
    • Description. Add an optional description for the scan.
    • Data Jurisdiction. Optional field. This field is enabled only when the admin sets the data jurisdiction in the Setting > User Management> Data Jurisdiction.
    • Service Instance. Select the ServiceNow instance you want to scan.
  4. Click Next
  5. On the Select Policies page, select the available policies that you want to use for your scan type. Click Next.  


  • Only Active policies are listed here.
  • If you don't see any policies on the Select Policies page, then you must create at least one DLP policy before creating a scan.
  • To create a new DLP policy, see Create DLP Policy. In the DLP Policy, currently the only supported response action is "Delete" using "Select Email Template". This response action deletes the sensitive file causing the violation and leaves a tombstone file. Then it sends an email to the ServiceNow user regarding the policy violation.
  1. On the Configure Scan page, configure the scope for your scan. 
    • Scan Type:
      • Full. Scans all content every time the scan is run.
      • Incremental. Scan only content that has changed since the last successful scan. 
    • Scan Dates:
      • Last X Day(s). Limit the scan to the specified time period.
    • Content. This section allows you to select FilesConnect Chat, and Table in ServiceNow. Select the required options from the content to scan the types of data. The fields associated with the content are also selected for the scan. You can click the Table Name link in the second column to view the selected fields and you can select or unselect the fields for the scan. 
  2. Click Next
  3. On the Schedule Scan page, select the frequency for your scan to run:
    • None (On-Demand Only). Run the scan once now.
    • Daily. Run the scan once a day. Configure the time and time zone. 
    • Weekly. Run the scan once a week. Configure the day, time, and time zone. 

NOTE: Based on the configured time period, the Daily or Weekly scan runs automatically. Once the scan is completed, you can view the results, or rerun the scan anytime on the On-Demand Scan page. 

  1. Click Next
  2. On the Review & Activate page, review your settings for the On-Demand Scan, and click Save.  Or click Back to make changes. 

On-Demand Only Scan 

For On-Demand Only scan, manually run the scan as described below:

  1. On the Scan page, click the Scan Name that you want to run now.
  2. On the Scan Details page, click Run Scan Now. If you want to estimate the scan, click Estimate Scan Duration.
  3. To begin the scan, click Start. If you want to configure the scan, click Edit.
  4. Once the scan is started, you can see the various status of the scan as Scan pending, Scan initializing, Scan in progress. On the successful completion, the following screen is displayed.
  5. Go back to the Scan page to check if any incidents are generated after the completion of the last scan.
  6. Click the Last Scan Incidents number to view the details of the violation. You are redirected to the Policy Incidents page. 
  7. Click the required incident in the table to see the Cloud Card for details.
  8. You can view the details of the violation and click View in the ServiceNow path to view the violation details on the ServiceNow account.
  9. Based on the DLP Policy, if any violation occurs then the sensitive file attachments are deleted immediately and an email is sent to the ServiceNow user regarding the violation.
  • Was this article helpful?