ServiceNow Data Connector

The BigPanda Unified Data Connector (UDC) syncs data from ServiceNow to provide context and insights for AI Incident Assistant (Biggy), AI Incident Prevention, and AI Detection and Response. Ingested data is securely stored and made available in the IT Knowledge Graph, powering accurate answers, deep analytics, trend analysis, and advanced capabilities.

Not bi-directional and monitoring incident sync

The Data Connector does not enable incident sync and sharing from the BigPanda event monitoring incident feed. See the ServiceNow integration documentation for details on managing incidents with ServiceNow and BigPanda.

Authorization

Use either OAuth2 or basic HTTP auth to configure Unified Data Connector with ServiceNow. OAuth2 is recommended for production environments.

Create the required credentials for your chosen authorization method, then send them to your BigPanda account team who will finish the authorization process.

Time conversion

The Unified Data Connector will convert all date and time fields into UTC. This ensures consistent date handling across different environments and time zones.

The system also automatically combines the date format and time format for complete date/time parsing. (For example, YYYY-MM-DD HH:mm:ss)

Configure UDC with OAuth2

OAuth2 enhances security and ease of use. This method won’t store user passwords and automatically refreshes expired tokens.

To get started, configure the application registry on your ServiceNow instance. The steps are the same as the Splunk instructions found on the ServiceNow site. The Client ID and Client Secret should be saved so that you can send these to your BigPanda account team.

Once you’ve completed that step, provide the following credentials to your BigPanda team.

Field	Description
Instance	The name of your ServiceNow instance. (i.e. `yourinstance.service-now.com`)
Client ID	Client ID copied from your ServiceNow application registry.
Client secret	Client secret copied from your ServiceNow application registry.
Time zone	Time zone of your ServiceNow instance. (Used for incremental filtering.)

Configure UDC with HTTP basic auth

If you’re unable to use OAuth2, you can configure HTTP basic authentication to connect your data. We strongly recommend creating a unique user for BigPanda in ServiceNow to clearly track activity and customize permissions.

Field	Description
Instance	The name of your ServiceNow instance. (i.e. `yourinstance.service-now.com`)
Username	Username of the account used to access ServiceNow.
Password	Password of the account used to access ServiceNow.
Timezone	Time zone of your ServiceNow instance. (Used for incremental filtering.)

The BigPanda team will use your ServiceNow credential information to set up the data connector. Certain fields and options are customizable depending upon your organization’s preferences and requirements.

(Optional) Configure mutual TLS certification

The ServiceNow data connector supports Mutual TLS (mTLS) authentication, providing an additional layer of security for organizations that require client certificate verification. You can use this in combination with either OAuth2 or basic HTTP authentication.

To enable mTLS, you must provide the following information to your BigPanda account team:

Parameter	Description
Certificate	Your client certificate in PEM format
Key	Your client private key in PEM format

Use the PEM format below when providing both the certificate and key. Certificates must include the -----BEGIN and -----END markers and each marker must be on its own line.

-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiU...
(base64 encoded certificate data)
...AQ8AMIIBCgKCAQEArXk
-----END CERTIFICATE-----

Sync preferences

Provide the following information about your sync preferences to BigPanda:

Required Configuration

Option	Description
Mode	Determine whether you’d like to set up an incremental or historical sync. Most organizations will need to use both modes. See the Streaming Modes section for more information.

Optional Table-level Configuration

Option	Description
Related Tables	For each table, you can choose to include a related table. For example, if an incident has CIs, you can include the `task_ci` related table to collect them along with the incident. See the Related Tables section below for a list of related tables and join fields.
Filter	You can apply query filters to specific tables to granularly choose what data is extracted. Each table’s filter is applied independently. Tables without a filter will load all records. Filters use ServiceNow's encoded query syntax with `^` as `AND` and `OR` as `OR`. We recommend using ServiceNow's query builder to test filters before adding them to the configuration. See the ServiceNow documentation for more information.
Fields	Determine which fields you’d like to include from each ServiceNow table. You can also choose to include all fields.

Option

Description

Related Tables

For each table, you can choose to include a related table.

For example, if an incident has CIs, you can include the task_ci related table to collect them along with the incident.

See the Related Tables section below for a list of related tables and join fields.

Filter

You can apply query filters to specific tables to granularly choose what data is extracted. Each table’s filter is applied independently. Tables without a filter will load all records.

Filters use ServiceNow's encoded query syntax with ^ as AND and OR as OR.

We recommend using ServiceNow's query builder to test filters before adding them to the configuration. See the ServiceNow documentation for more information.

Fields

Determine which fields you’d like to include from each ServiceNow table. You can also choose to include all fields.

Optional Pipeline Configuration

Option	Description
Start Date	If you’re setting up a historical sync, provide the date of when you’d like the sync to begin. If no start date is provided, all data will be synced. We recommend syncing one year of data.
End Date	Used for historical syncs only. Provide an end date to backfill historical syncs.
Read Replica	ServiceNow supports read replicas through the `sysparm_query_category` parameter. This allows you to direct queries to specific database replicas within ServiceNow's infrastructure. If you’d like to set this up, provide your replica name.
Batch size	The `sysparm_limit` parameter defines the number of items requested from SNOW in a single call. The default is 1000.
Timeout	The `request_timeout` parameter defines how long the system will wait before timing out a request. The default is 100 seconds.

Performance-Related Configuration

Option	Description
Query Limit	The maximum number of queries that can be sent per minute. The default is 60 queries per minute.
Rate Limit Timeout (MS)	The timeout period in milliseconds after the query limit has been reached. The default is 1000 ms (1 second).

In this section: