Event Management - IBM/ServiceNow-Guardium-Vulnerability-Assessment GitHub Wiki

IBM Guardium Data Protection in ServiceNow

Event Management Module

  • IBM Guardium v12.0 can send Guardium alerts as ServiceNow events
  • To transform the event (em_event) to a ServiceNow alert (em_alert), the data must be massaged a little:
    • The time_of_event is written in the time zone of the Guardium machine. It should be GMT.
    • The classification is set to 5, but ServiceNow seems to ignore a value of 5. The classification value must be reset to 0 in order to continue transforming into an em_alert.
    • The node is not the Guardium data source nor is it the ServiceNow CMDB configuration item. It should be set to an empty string.
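
The three adjustments listed above, written out as a plain JavaScript function. This is an added example, not the event rule shipped with this project. It assumes time_of_event arrives as "YYYY-MM-DD HH:mm:ss" in the Guardium machine's local time and that the machine's UTC offset is known; the function names, the utcOffsetMinutes parameter and the sample record are hypothetical.

```javascript
// Added example: normalize a Guardium-originated em_event before it becomes an em_alert.
// Assumption: a fixed UTC offset in minutes (e.g. -300 for UTC-5); daylight saving
// changes on the Guardium machine are not handled here.

function pad(n) {
  return String(n).padStart(2, '0');
}

// Convert a local "YYYY-MM-DD HH:mm:ss" stamp to the same format in GMT.
function toGmt(localStamp, utcOffsetMinutes) {
  const m = /^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})$/.exec(localStamp);
  if (!m) {
    throw new Error('unexpected time_of_event format: ' + localStamp);
  }
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  // Read the fields as if they were UTC, then remove the local offset.
  const t = new Date(Date.UTC(y, mo - 1, d, h, mi, s) - utcOffsetMinutes * 60000);
  return `${t.getUTCFullYear()}-${pad(t.getUTCMonth() + 1)}-${pad(t.getUTCDate())} ` +
         `${pad(t.getUTCHours())}:${pad(t.getUTCMinutes())}:${pad(t.getUTCSeconds())}`;
}

function normalizeGuardiumEvent(event, utcOffsetMinutes) {
  const out = Object.assign({}, event); // leave the incoming record untouched
  // 1. time_of_event: Guardium local time -> GMT
  out.time_of_event = toGmt(event.time_of_event, utcOffsetMinutes);
  // 2. classification: a value of 5 is reset to 0 so the transform continues
  if (String(event.classification) === '5') {
    out.classification = '0';
  }
  // 3. node: neither the data source nor a CMDB configuration item, so blank it
  out.node = '';
  return out;
}

// Constructed sample record (field values are made up for illustration).
const sampleEvent = {
  source: 'Guardium',
  node: 'guardium-collector-01',
  classification: '5',
  time_of_event: '2024-03-10 23:30:00',
  description: 'constructed sample alert text'
};

console.log(normalizeGuardiumEvent(sampleEvent, -300));
```
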

Event Mapping Rule

  • The event mapping rule will attempt to parse the DATASOURCE value from the Guardium alert message
  • The DATASOURCE will be matched to an existing CMDB entry if you have installed and run the ServiceNow Guardium app
  • ServiceNow event mapping rule

Event Rule

  • You can create an event rule yourself, if you wish.
  • Be sure to:
    • Set node to empty value
    • Set classification to an empty value
  • Or you can import the event rule and the two records which set node and classification to empty
  • ServiceNow event rule + node + classification

To download:

  • Right-click one of the links above (on Mac: CTRL + click)
  • Click "Save link as..."