ServiceNowGenericFeed#43756
ServiceNowGenericFeed#437564nshumaan wants to merge 1 commit intodemisto:contrib/4nshumaan_ServiceNowGenericFeed-Packfrom
Conversation
content-bot
added
Contribution
content-bot
changed the base branch from
master
to
contrib/4nshumaan_ServiceNowGenericFeed-Pack
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @kamalq97 will know the proposed changes are ready to be reviewed. |
|
Hi @4nshumaan, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link. |
🤖 AI-Powered Code Review AvailableHi @kamalq97, you can leverage AI-powered code review to assist with this PR! Available Commands:
|
content-bot
added
Community
Contribution Form Filled
There was a problem hiding this comment.
Pull request overview
Adds a new Cortex XSOAR content pack, ServiceNowGenericFeed, intended to fetch records from ServiceNow CMDB endpoints and ingest them into TIM as indicators with user-defined tags.
Changes:
- Introduces new pack metadata and contributor metadata for ServiceNowGenericFeed.
- Adds a new feed integration (YML + Python) to fetch ServiceNow CMDB records and create indicators in TIM.
- Adds integration documentation and basic unit tests.
Reviewed changes
Copilot reviewed 8 out of 14 changed files in this pull request and generated 20 comments.
Show a summary per file
| File | Description |
|---|---|
| Packs/ServiceNowGenericFeed/pack_metadata.json | Defines pack metadata for marketplace publishing. |
| Packs/ServiceNowGenericFeed/CONTRIBUTORS.json | Adds contributor attribution for the pack. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed.yml | Defines integration UI/configuration for the ServiceNow feed. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed.py | Implements the integration client, fetch flow, and indicator creation. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed_test.py | Adds unit tests for indicator object creation and URL fetch behavior. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/README.md | Documents integration configuration and fetch behavior. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed_description.md | Adds Marketplace description content for the integration. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/test_data/baseintegration-dummy.json | Adds placeholder test data. |
| Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed_image.png | Adds integration image asset. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1,27 @@ | |||
| { | |||
| "name": "ServcieNowGenericFeed", | |||
There was a problem hiding this comment.
The pack "name" is misspelled ("ServcieNowGenericFeed") and should match the pack directory/integration naming ("ServiceNowGenericFeed"). This will also affect pack identification in tooling and Marketplace publishing.
| "name": "ServcieNowGenericFeed", | |
| "name": "ServiceNowGenericFeed", |
| API_VERSION = "/api/now/cmdb/instance/" | ||
| ROOT_URL = "https://company-domain.service-now.com" | ||
|
|
||
|
|
There was a problem hiding this comment.
API_VERSION and ROOT_URL are defined but never used. This will trigger lint failures (unused variables) and should be removed or used.
| API_VERSION = "/api/now/cmdb/instance/" | |
| ROOT_URL = "https://company-domain.service-now.com" |
| human_readable, response = list_records_from_url(client, server_url) | ||
| if response.get("result", {}): | ||
| indicators = response.get("result", {}) | ||
| objs = create_indicator_object(indicators, feedtags, indicator_field) | ||
| add_indicators_to_tim(objs) |
There was a problem hiding this comment.
In the fetch-indicators flow, human_readable is assigned but never used. This is dead code and will trigger a lint error for an unused variable.
| ServiceNowGenericFeed fetches records from a ServiceNow CMDB API endpoint and ingests them as indicators into Cortex XSOAR TIM with user desired tags. | ||
| *** | ||
| ## ServiceNowGenericFeed | ||
| - This integration can be used to pull indicators form Service Now with a given user query and add them to the Threat Intelligence Module. |
There was a problem hiding this comment.
Spelling/branding: "pull indicators form Service Now" should be "pull indicators from ServiceNow".
| - This integration can be used to pull indicators form Service Now with a given user query and add them to the Threat Intelligence Module. | |
| - This integration can be used to pull indicators from ServiceNow with a given user query and add them to the Threat Intelligence Module. |
| @@ -0,0 +1,27 @@ | |||
| { | |||
| "name": "ServcieNowGenericFeed", | |||
| "description": "This pack contains an integration that can be used to pull indicators form ServiceNow CMDB and put them inside the XSIAM TIM with the option to provide tagging.", | |||
There was a problem hiding this comment.
Spelling: pack description says "pull indicators form ServiceNow"; should be "from ServiceNow".
| "description": "This pack contains an integration that can be used to pull indicators form ServiceNow CMDB and put them inside the XSIAM TIM with the option to provide tagging.", | |
| "description": "This pack contains an integration that can be used to pull indicators from ServiceNow CMDB and put them inside the XSIAM TIM with the option to provide tagging.", |
| "firstCreated": "2026-04-01T11:49:45Z", | ||
| "devEmail": [ | ||
| "anmishra@nd.gov" | ||
| ], | ||
| "githubUser": [] |
There was a problem hiding this comment.
pack_metadata.json uses a non-standard firstCreated field. Content repo packs typically use created (and include supportedModules for marketplace publishing). Using an unexpected key is likely to fail pack metadata validation.
| dockerimage: demisto/auth-utils:1.0.0.5427065 | ||
| feed: true | ||
| isFetchSamples: true | ||
| runonce: false | ||
| script: '' |
There was a problem hiding this comment.
The integration YML is missing standard fields like tests and fromversion, which are commonly required by content validation/CI.
| | query_url | The API route of the requested information in ServiceNow. | False | | ||
| | indicator_field | Field used to build indicator values. | False | |
There was a problem hiding this comment.
The README parameter table marks query_url and indicator_field as not required, but in the integration YML both are required: true. Please align the documentation with the actual configuration.
| | query_url | The API route of the requested information in ServiceNow. | False | | |
| | indicator_field | Field used to build indicator values. | False | | |
| | query_url | The API route of the requested information in ServiceNow. | True | | |
| | indicator_field | Field used to build indicator values. | True | |
| indicator_type = auto_detect_indicator_type(ind.get(indicator_field)) | ||
| indicator_obj = { | ||
| "value": ind.get(indicator_field), |
There was a problem hiding this comment.
create_indicator_object does not validate that the extracted indicator value exists or that auto_detect_indicator_type returned a valid type. If the field is missing/empty or the type can’t be detected, this will create indicator objects with value=None or type=None, which can cause indicator creation failures downstream.
| indicator_type = auto_detect_indicator_type(ind.get(indicator_field)) | |
| indicator_obj = { | |
| "value": ind.get(indicator_field), | |
| value = ind.get(indicator_field) | |
| if not value: | |
| # Skip records without the requested indicator field or with an empty value | |
| continue | |
| indicator_type = auto_detect_indicator_type(value) | |
| if not indicator_type: | |
| # Skip records for which the indicator type cannot be detected | |
| continue | |
| indicator_obj = { | |
| "value": value, |
| - additionalinfo: The format should be https://company.service-now.com/ | ||
| display: Server URL | ||
| name: url | ||
| required: true | ||
| section: Connect |
There was a problem hiding this comment.
The integration code supports OAuth/JWT, but the YML configuration does not expose any OAuth/JWT-related parameters for users to configure. Either add the missing configuration fields or remove the unused OAuth/JWT code to avoid unreachable/misleading logic.
kamalq97
added
ready-for-pipeline-running
marketplace-ai-reviewer
removed
the
ready-for-ai-review
|
🤖 Analysis started. Please wait for results... |
|
For the Reviewer: Trigger build request has been accepted for this contribution PR. |
|
For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/8115382 |
content-bot
removed
the
ready-for-instance-test
|
Validate summary Verdict: PR can be force merged from validate perspective? ❌ |
🤖 AI Review DisclaimerThis review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause. |
marketplace-ai-reviewer
left a comment
marketplace-ai-reviewer
left a comment
There was a problem hiding this comment.
Hi there, thanks for contributing this ServiceNow feed integration! I've reviewed your submission and found a few areas for improvement, primarily around code reuse, authentication, and documentation. Please update the code to utilize ServiceNowClient from the ServiceNowApiModule, ensure OAuth/JWT authentication parameters are fully implemented, and auto-generate the README using the demisto-sdk. Thanks again for your hard work, and let me know if you have any questions!
Additionally, please address the following file-level notes:
Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed_description.md: The description file is missing mandatory sections such as 'Permissions', 'Credentials', and 'Troubleshooting'. Please refer to the official guidelines for the required structure.
Also, the corresponding integration YML file (ServiceNowGenericFeed.yml) is missing the supportlevelheader key. Please add it with one of the xsoar/partner/community values to ensure the correct banner appears in the description.
Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/README.md: The README appears to be manually written. According to Cortex XSOAR guidelines, integration READMEs must be generated using thedemisto-sdk generate-docscommand.Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/command_examples.txt: Thecommand_examples.txtfile is empty. The review cannot proceed.Packs/ServiceNowGenericFeed/Integrations/ServiceNowGenericFeed/ServiceNowGenericFeed_image.png: Please replace this placeholder image with the official ServiceNow logo.Packs/ServiceNowGenericFeed/pack_metadata.json: The mandatory keycreatedis missing from the metadata.Packs/ServiceNowGenericFeed/README.md: Consider adding a "What does this pack do?" section to provide a clear overview of the integration's capabilities.
@kamalq97, @4nshumaan, @copilot-pull-request-reviewer[bot] please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
| ROOT_URL = "https://company-domain.service-now.com" | ||
|
|
||
|
|
||
| class Client(BaseClient): |
There was a problem hiding this comment.
Remove the duplicated Client class and use ServiceNowClient from ServiceNowApiModule.
| """COMMAND FUNCTIONS""" | ||
|
|
||
|
|
||
| def test_module(client: Client) -> str: |
There was a problem hiding this comment.
Update type hint to ServiceNowClient and accept server_url.
|
|
||
| if client.use_oauth and not client.use_jwt: | ||
| return_error( | ||
| "Test button cannot be used when using OAuth 2.0. Please use the !servicenow-cmdb-oauth-login " |
There was a problem hiding this comment.
The OAuth login commands are missing from this integration.
| "command followed by the !servicenow-cmdb-oauth-test command to test the instance." | ||
| ) | ||
|
|
||
| response = client.http_request(method="GET", url_suffix="/api/now/cmdb/instance/cmdb_ci_linux_server") |
There was a problem hiding this comment.
- Test the user-provided
query_urland correctly handle empty results. - Hardcoded table in test module
| return "Test failed. Please check your instance URL and credentials." | ||
|
|
||
|
|
||
| def list_records_from_url(client: Client, server_url: str) -> tuple: |
There was a problem hiding this comment.
Update type hint to ServiceNowClient.
| | url | Server URL (e.g., https://api.xsoar-example.com). Default: https://company.service-now.com/ | True | | ||
| | credentials | API Key (username/password). | True | | ||
| | feedTags | Tags applied to fetched indicators. | False | | ||
| | query_url | The API route of the requested information in ServiceNow. | False | |
There was a problem hiding this comment.
The query_url parameter is incorrectly marked as not required.
| | credentials | API Key (username/password). | True | | ||
| | feedTags | Tags applied to fetched indicators. | False | | ||
| | query_url | The API route of the requested information in ServiceNow. | False | | ||
| | indicator_field | Field used to build indicator values. | False | |
There was a problem hiding this comment.
The indicator_field parameter is incorrectly marked as not required.
| @@ -0,0 +1,27 @@ | |||
| { | |||
| "name": "ServcieNowGenericFeed", | |||
| "description": "This pack contains an integration that can be used to pull indicators form ServiceNow CMDB and put them inside the XSIAM TIM with the option to provide tagging.", | |||
There was a problem hiding this comment.
| "description": "This pack contains an integration that can be used to pull indicators form ServiceNow CMDB and put them inside the XSIAM TIM with the option to provide tagging.", | |
| "description": "Integrate with ServiceNow CMDB to pull indicators into XSIAM TIM with tagging options.", |
| "TIM" | ||
| ], | ||
| "useCases": [], | ||
| "keywords": [], |
There was a problem hiding this comment.
| "keywords": [], | |
| "keywords": [ | |
| "ServiceNow" | |
| ], |
| "devEmail": [ | ||
| "anmishra@nd.gov" | ||
| ], | ||
| "githubUser": [] |
There was a problem hiding this comment.
Please provide valid GitHub usernames in the githubUser list.
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues