The Silent Push application for ServiceNow enables customers to enrich security data within ServiceNow incidents by integrating Silent Push’s threat intelligence. The app allows users to leverage actions within ServiceNow Flow Designer to automate the enrichment process for security incidents.
Key Features
The Silent Push ServiceNow integration supports the following capabilities:
Domain and IP information: Includes risk scores, live Whois data, and certificate details to assess the security posture of domains and IPs.
Reputation data: Provides insights into the trustworthiness of ASNs, nameservers, and subnets.
Enrichment data: Offers comprehensive details for domains, IPv4, and IPv6 addresses, including DGA Probability, Alexa rank, registration details, and security flags.
Passive DNS (PADNS) data: Enables access to passive DNS records, enriched metrics like IP diversity, and support for forward/reverse PADNS lookups and density lookups.
URL scanning: Supports live URL scans to retrieve metadata and capture screenshots for threat analysis.
Scan Data: Allows querying Silent Push's scan data repositories using SPQL syntax.
Benefits
Faster Threat Detection and Response – ServiceNow incidents are automatically enriched with real-time threat intelligence, reducing manual research time.
Automated, Consistent Security Workflows – Playbooks can auto-block malicious domains/IPs and auto-create or triage incidents.
Proactive Threat Hunting – Enriched indicators enable pivoting across related infrastructure.
Streamlined Incident Investigation – Contextual data (DNS history, ASN) appears directly within ServiceNow.
Requirements
ServiceNow Instance
Silent Push API Key
Required Plugins:
Security Incident Response (sn_si)
Threat Intelligence (sn_ti_ac)
Installation
Install the Silent Push ServiceNow Package from the ServiceNow Store.
Once installed:
Navigate to the Silent Push Integration App via the Application Menu.
Follow the Guided Setup to configure the app.
Provide your Silent Push API Key and configure the Connection & Credential Alias pointing to
https://api.silentpush.com/api/v1/merge-api.Activate the scheduled job to fetch indicators from Silent Push.
Additional information about the ServiceNow integration can be found here: