

ServiceNow integration
ServiceNow is where many mid-market and enterprise teams run IT service management — incidents, change requests, and the CMDB that tracks every asset they own. The FortWatch ServiceNow integration (currently in development) will turn each new external exposure into a properly categorized ServiceNow incident, so a finding lands in the same queue your IT and security teams already triage instead of in a separate dashboard. That means external attack surface findings inherit your existing SLAs, assignment groups, and audit trail from the moment they're detected.


Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →

ServiceNow + FortWatch
FortWatch will connect to your ServiceNow instance over its REST API, authenticating with OAuth 2.0 (or a scoped integration user) against the Table API. When a scan completes and a new issue is confirmed, FortWatch creates a record in the incident table — populating short description, full description, category, and a severity-to-priority/urgency mapping — and writes back the new sys_id so the finding and the ServiceNow record stay linked. Re-detected findings update the existing incident rather than opening duplicates, and when FortWatch auto-resolves an issue (the exposure is gone on the next scan) it can move the linked incident to Resolved with a closure note. Where you maintain a CMDB, FortWatch can match the affected asset (domain, IP, or hostname) to a configuration item so incidents attach to the right CI, and higher-risk findings can be routed into the change-management workflow instead of straight to incident.
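The create, update and resolve decisions described above can be sketched as follows. This is an added example, not FortWatch code (the integration is unreleased): it only plans Table API requests and sends nothing. The names `plan_sync`, `record_link`, `SEVERITY_MAP` and the finding fields are assumptions, as are the severity mapping and the sample category value.

```python
import re

TABLE = "/api/now/table/incident"              # ServiceNow Table API path
SYS_ID = re.compile(r"[0-9a-f]{32}")           # sys_id format: 32 hex characters
CLOSE_CODE = "<instance-specific close code>"  # placeholder, set per instance
# Assumed severity -> (urgency, impact); 1 = High, 2 = Medium, 3 = Low
SEVERITY_MAP = {"critical": (1, 1), "high": (1, 2), "medium": (2, 2), "low": (2, 3)}

def default_priority(urgency, impact):
    """Priority under the out-of-the-box lookup matrix (instances can change it)."""
    return urgency + impact - 1

def plan_sync(finding, links):
    """Return (method, path, body) for one scan result, or None if nothing to do."""
    sys_id = links.get(finding["id"])  # links: finding id -> incident sys_id
    if sys_id is not None and not SYS_ID.fullmatch(sys_id):
        raise ValueError("stored sys_id is not a 32-character hex id")
    if finding["status"] == "resolved":
        if sys_id is None:
            return None  # never ticketed, nothing to close
        return ("PATCH", f"{TABLE}/{sys_id}", {
            "state": "6",  # 6 = Resolved in the default incident state model
            "close_code": CLOSE_CODE,
            "close_notes": "Exposure no longer detected on the latest scan.",
        })
    urgency, impact = SEVERITY_MAP[finding["severity"]]
    if sys_id is not None:  # re-detected: update the linked record, no duplicate
        return ("PATCH", f"{TABLE}/{sys_id}", {
            "urgency": str(urgency), "impact": str(impact),
            "work_notes": f"Re-detected at {finding['seen']}.",
        })
    body = {"short_description": finding["title"], "description": finding["detail"],
            "category": finding["category"], "urgency": str(urgency), "impact": str(impact)}
    if finding.get("ci_sys_id"):
        body["cmdb_ci"] = finding["ci_sys_id"]  # attach to the matched CI
    return ("POST", TABLE, body)

def record_link(links, finding_id, response):
    """Store the sys_id from the create response so later scans update in place."""
    links[finding_id] = response["result"]["sys_id"]

# Constructed sample finding, based on the example card on this page
FINDING = {"id": "f-1", "status": "open", "severity": "critical",
           "title": "Exposed Redis on 203.0.113.10:6379",
           "detail": "Unauthenticated database reachable from the internet.",
           "category": "security", "seen": "2026-06-07 14:22 UTC"}
```

Validating the stored `sys_id` before building the path keeps a corrupted link record from redirecting the update to another table or record.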
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to ServiceNow
The finding lands in ServiceNow, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the ServiceNow integration will bring to your security workflow.
- Auto-create incidents: A new critical finding — an unauthenticated MongoDB or an exposed .env file — opens a ServiceNow incident in your security assignment group within minutes of detection.
- Severity-to-priority mapping: FortWatch critical/high/medium/low maps onto ServiceNow priority via urgency and impact, so the finding inherits the right SLA timer automatically.
- CMDB linkage: Match the affected domain, IP, or hostname to an existing configuration item so the incident attaches to the correct CI and shows up in that asset's history.
- Deduplication and lifecycle sync: Re-detected exposures update the existing incident instead of spawning duplicates, and auto-resolved findings flip the linked incident to Resolved.
- Change-request routing: Send remediation that requires scheduled work — a TLS certificate renewal or a firewall rule change — into the change-management workflow rather than the incident queue.
- Audit-ready trail: Every external finding flows through the same ServiceNow records, work notes, and reporting your auditors already review.
What an alert looks like
Every finding arrives formatted for ServiceNow — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
ServiceNow
[INC] Critical · Exposed Redis on 203.0.113.10:6379
Unauthenticated Redis is reachable from the internet — anyone can read, modify, or wipe the data and pivot onto the host.
Priority: 1 - Critical (Urgency: High / Impact: High)
CI: cache-prod-1 · Assignment group: Security Operations
Detected: 2026-06-07 14:22 UTC by FortWatch port scan
Work note: Bind Redis to localhost or a private interface and require AUTH. Full remediation steps and evidence linked in FortWatch.
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect ServiceNow and choose where alerts go.
When it launches, in FortWatch open Settings → Integrations and select ServiceNow, then enter your instance URL (yourcompany.service-now.com).
Authorize FortWatch via OAuth 2.0, or provide a dedicated integration user with rights to the incident table (and CMDB tables if you want CI linking).
Map FortWatch severities to ServiceNow priority/urgency/impact and choose the default category and assignment group for new incidents.
Optionally enable CMDB matching and set which finding types route to change requests instead of incidents.
Trigger a test finding to confirm the incident is created and formatted correctly, then turn the integration on.

Why route FortWatch into ServiceNow?
Security teams already drowning in tools rarely adopt one more queue — but they do work whatever lands in ServiceNow, because that's where their SLAs, assignment groups, and reporting live. Routing FortWatch findings into ServiceNow means an internet-facing exposure becomes a tracked, owned, time-bound incident instead of an alert someone might notice. It also closes the loop for governance: every external finding has a record, a responder, and a documented resolution your auditors can see.
Frequently asked questions
Is the ServiceNow integration available now?
Not yet — it's in active development. Add your email below and we'll notify you the moment it ships.
Will it create duplicate incidents every scan?
No. FortWatch links each finding to the incident it created, so a re-detected exposure updates the existing record, and an exposure that's been fixed can auto-resolve the linked incident on the next scan.
Does it support our CMDB and change management?
That's the plan. FortWatch will be able to match the affected asset to an existing configuration item and attach the incident to it, and route findings that need scheduled work into the change-request workflow instead of the incident queue.
Want the ServiceNow integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.





