On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Fixes to ServiceNow Incidents

Workflow #0053

This workflow fetches all Kenna vulnerabilities for a given asset group and creates a ServiceNow ticket for each unique asset with vulnerabilities and fixes available.

Note: By default, this workflow is configured to create a maximum of 100 ServiceNow incident tickets per execution. You can change this using the Ticket Limit local variable.

Overview GitHub

Change Log

Date Notes
Dec 16, 2021 - Initial release
Jan 24, 2022 - Updated to end successfully if the ticket limit is reached, as opposed to ending and failing
Feb 10, 2022 - Updated the default values for the ServiceNow User ID and Ticket Limit local variables
Mar 10, 2022 - Updated to support the external_identifier that’s now required by the Kenna API
Sep 7, 2022 - Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • None
  • The following atomic actions must be imported before you can import this workflow:
  • The targets and account keys listed at the bottom of the page
  • Kenna Security
  • ServiceNow

Workflow Steps

  1. Make sure the required inputs were provided
  2. Fetch global variables
  3. Get a list of assets for the risk meter group and read them to a table
  4. Check if assets were found:
    • If not, end the workflow
    • If so, loop through each asset:
      • If the ticket limit has been reached, end the workflow
      • Get fixes for the asset
      • Get vulnerabilities for the asset (where a fix is available, a due date is set, and there’s no ServiceNow ticket association)
      • Parse vulnerabilities and fixes into text for ServiceNow
      • Create a ServiceNow incident
      • Update the vulnerabilities in Kenna with the ServiceNow ticket


  • Add your Kenna API token to the API Token local variable (or, if you have an API key in a global variable already, set the local variable to the global’s value using the Fetch Global Variables group at the beginning of the workflow)
  • Set the Kenna Instance URL local variable to the URL of your Kenna instance (for example: customer.kennasecurity.com)
  • Set the Risk Meter Group ID local variable to the ID of the risk meter group you want the workflow to process. You can get this by viewing the group in your Kenna console and looking at the page URL. The group ID should be after search_id=. For example, in this URL the group ID is 123456: /explore?search_id=123456&name=....
  • Set the Risk Score Threshold local variable to the minimum risk score you want the workflow to process. Anything with a risk score less than this value will be ignored
  • Set the ServiceNow User ID local variable to the username you want incidents opened as. This can either match the username in your ServiceNow Account Key or, if the account has the appropriate permissions, can be a different user
  • (Optional) Update the Ticket Limit local variable with the maximum number of ServiceNow tickets you want the workflow to create per execution
  • By default, this workflow will not run automatically. Click here to learn about scheduling it to run on its own


Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Kenna_Target HTTP Endpoint Protocol: HTTPS
Host: api.kennasecurity.com
Path: None
ServiceNow HTTP Endpoint Protocol: HTTPS
Host: <instance>.service-now.com
Path: /api
ServiceNow_Credentials Be sure to use your instance URL

Account Keys

Account Key Name Type Details Notes
ServiceNow_Credentials HTTP Basic Authentication Username: ServiceNow User ID
Password: ServiceNow Password