The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more. The Armis app encapsulates the user’s ticket creation logic and can accommodate custom logic, such as opening an incident ticket that triggers actions like:
- a ServiceNow resolution workflow
- user-specific Alert aggregation or deduplication logic
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency
Version 1.3.0
This release is Certified for Yokohama.
Adds support for "Critical" alerts from Armis.
Version 1.2.1
This release is Certified for Washington and Xanadu. The Armis Incident Integration Dashboard has been migrated to the Platform Analytics Experience.
Version 1.2.0
This minor release is Certified for Vancouver, Utah and Tokyo. It updates the integration's Authorization flow to use a Flow Designer Action and submit the token via multipart/form-data for improved security.
Version 1.1.0
This release adds the ability to filter Armis Alerts based on severity (riskLevel) and optional support for Event Management.
The integration now includes an additional transform map that can be activated to insert Events into the em_event table instead of directly inserting Incidents.
- Transform Map and Transform Scripts to optionally support em_event
- Event Severity Mapping UI
- Severity Filtering Toggles
- Incident
- ServiceNow IntegrationHub Action Template - Data Stream