

Cloudlock for ServiceNow is available for the Istanbul, Jakarta, Kingston, London, Madrid, New York, Orlando, Paris and Quebec releases, and only through the ITSM (Information Technology Service Management) suite. For prerequisites and installation of ServiceNow into your Cisco Cloudlock environment, please see the Quick Start Setup Guide for ServiceNow.



Cisco Cloudlock monitors ServiceNow in the following policies:

Data Loss Prevention (DLP)

Response Actions

In addition to the Global Response Actions available in all platforms, ServiceNow also has three unique Response Actions:

Assign to Group

Assigns the incident to a designated ServiceNow Group for review.

Assign to User

Assigns the incident to a specified ServiceNow user for review.

Quarantine and Selective Encryption

Quarantines Journal Entries, Table Fields or Files with the option to encrypt the asset. The original content is replaced with a customized message and reason for the quarantine. Table Fields and File quarantines also have the option to add a work note.

When a ServiceNow object is quarantined:

  • A new record is created in a Cloudlock-created quarantine table.
  • Quarantined files, if any, are removed from the original location and reattached to the quarantine table record.
  • Content other than files is removed from the original location and stored in an encrypted field in the quarantine table record (Note: this is the case only when the ServiceNow Encryption Support plugin is enabled).
  • Only ServiceNow users with the required role can view quarantined records.
  • The original content is replaced with a message indicating that the quarantine action has occurred.

Incident Examples

The following are some examples of matches on Custom Regex and Predefined policies with different file formats.

View an Object

For a DLP incident, you can click View Object in the upper-right corner to view the file that violated the policy.


Only ServiceNow users with an admin role can view the object. If the object is quarantined, the user must log in with Cloudlock admin credentials to view it.