Cloudlock for ServiceNow is available for Istanbul, Jakarta, Kingston, London, Madrid, New York, Orlando, Paris and Quebec releases and only through the ITSM (Information Technology Service Management) suite. For prerequisites and Installation of ServiceNow into your Cisco Cloudlock environment, please see
the Quick Start Setup Guide for ServiceNow.
Cisco Cloudlock monitors ServiceNow in the following policies:
In addition to the Global Response Actions available in all platforms, ServiceNow also has three unique Response Actions:
Assigns the incident to a designated ServiceNow Group for review.
Assigns the incident to a specified ServiceNow user for review.
Quarantines Journal Entries, Table Fields or Files with the option to encrypt the asset. The original content is replaced with a customized message and reason for the quarantine. Table Fields and File quarantines also have the option to add a work note.
When a ServiceNow object is quarantined:
- A new record is created in a Cloudlock-created quarantine table.
- Quarantined files, if any, are removed from the original location and reattached to the quarantine table record.
- Content other than files is removed from the original location and stored in an encrypted field in the quarantine table record (Note: this is the case only when the ServiceNow Encryption Support plugin is enabled).
- Only ServiceNow users with the required role can view quarantined records.
- The original content is replaced with a message indicating that the quarantine action has occurred.
The following are some examples of matches on Custom Regex and Predefined policies with different file formats.
For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.
Only ServiceNow users with an admin role can view the object. If the object is quarantined, the user must log in with Cloudlock admin credentials to view.
Updated 3 months ago