1. Introduction
The ServiceNow integration with Hyver streamlines collaboration by keeping incidents and findings perfectly in sync.
Whenever Hyver detects a new finding or a change in a remediation asset, it automatically sends a notification to ServiceNow. A ServiceNow incident is then created for each event — no manual work needed.
The integration also works the other way around: updates in ServiceNow flow back into Hyver. For example, if you change a ServiceNow ticket’s status to Fixed, the corresponding finding in Hyver is automatically updated to Fixed as well.
This two-way synchronization ensures that remediation work recorded in ServiceNow is always reflected in Hyver. As a result, your teams can continue working in their preferred system, while both platforms stay aligned in real time.
2. Prerequisites
Create a Hyver Access Token for ServiceNow to authenticate to Hyver
The token may already exist. Go to settings > Access tokenHyver URL to configure authentication to Hyver in ServiceNow
ServiceNow instance
Client ID and secret from ServiceNow OAuth endpoint to be used by Hyver for authentication
Administrator access to Hyver and ServiceNow
Workflow
Authenticate with ServiceNow.
Create an access token in Hyver for ServiceNow to authenticate to Hyver.
The Hyver token and Hyver URL for ServiceNow may already exist.Create an OAuth API endpoint in ServiceNow to provide the client ID and secret to be used in Hyver.
Map ServiceNow fields to Hyver fields.
Configure notification rules in Hyver to automate ticket creation in ServiceNow.
Create a webhook in ServiceNow and use the Hyver access token and Hyver URL in a script.
This enables ServiceNow to authenticate to Hyver and enables the support for status updates between ServiceNow and Hyver.
Required IP Addresses
For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.
Depending on your region and the type of scan, add the following IP addresses:
General IPs:
Europe →
18.198.79.197America →
52.1.10.176,35.171.70.87
IPs for Azure and AWS Scans:
Europe →
18.158.77.90America →
34.206.252.13
In most cases, you only need to add the IPs relevant to your region and use case.
Multi-Company Dashboard and Integrations
This section explains how Hyver’s Multi-Company Dashboard works in general, and how integrations behave when used in a Multi-Company setup.
What is the Multi-Company Dashboard?
Hyver’s Multi-Company Dashboard is designed for large enterprises with multiple subsidiaries. It gives you:
A centralized view of cybersecurity risk across the entire organization
Key metrics like exposure, cost of breach, and maturity scores
The ability to switch between subsidiaries and view their individual data
Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary
Data that updates in real time
To enable Multi-Company, contact your CYE Technical Account Manager.
How Integrations Work in Multi-Company
Here’s the important part:
Integrations are created only at the subsidiary level
Findings from an integration appear only in that subsidiary’s dashboards and reports
Parent companies cannot create integrations — they can only view the aggregated results
Best Practices for Combining Integrations with Multi-Company
To get the most out of Multi-Company with integrations, we recommend:
Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary
In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary
The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.
3. Configuring on the ServiceNow Side
Configuring OAuth in ServiceNow
This section describes how to configure the OAuth that Hyver will use to connect to ServiceNow.
Log in to ServiceNow.
Open Application Registries in ServiceNow:
Click New at the top right:
Select the first option: Create OAuth API endpoint for external clients:
Add the following information in the form:
Refresh Token Lifespan: 860,000,000
Access Token Lifespan: 860,000,000
Name: Hyver
Then:
From the menu at the top left of the page, select the Save option to create a Client Secret.
Click Submit and then open the new application registry to view the client ID and secret:
Click the lock icon to reveal the client secret.
This client secret and client ID are required in the Hyver interface when you select OAuth authentication in Hyver:
Input the required credentials in Hyver:
4. Configuring in Hyver
Configuring Authentication in Hyver
Before you start, you must have configured OAuth in ServiceNow to get the client ID and client secret for this task.
There are two options for authentication:
OAuth
OAuth is recommended.
Basic authentication
Configuring OAuth
Click the settings icon to open the Settings menu and select Integrations
Select Add integration on the ServiceNow tile to open the integration configuration screen:
Configure authentication to ServiceNow using OAuth.
Select the OAuth tab under ServiceNow authentication:
Enter the Instance name. For example, if your ServiceNow location is MySnowinstancename.servicenow.com, enter mySnowinstancename in the Instance name field.
Note: The name of the instance is not a URL or a path.
Enter the username and password for ServiceNow.
Get the Client ID from ServiceNow:
Get the Client secret from ServiceNow.
For more information, refer to Configuring OAuth in ServiceNow.
Configuring ServiceNow Fields in Hyver
Configure the ServiceNow fields in Hyver. Get the required information from your ServiceNow instance.
Complete the following fields:
Caller ID:
This is the creator of the incident.
This mandatory field is used in ServiceNow to represent the person that created the ticket incident. For example, you might want to enter the value Hyver here to indicate that Hyver is the originator of this incident based on a Hyver finding.
Assignment group:
Group that incidents are assigned to, such as Hyver.
This is the group in ServiceNow, that you define to be used by Hyver.Launch ServiceNow and search for the word group.
Go to the Groups screen:
Check whether the relevant group name for integration already exists by typing its name in the Name search box.
If the group exists, go back to Hyver and type the group name in the Assignment group field:
If the group does not exist, click New and fill in the Name field with a new group name:
Click Submit.
Copy the group name and paste it in the Assignment group field in Hyver.
Impact:
Represents the business criticality in ServiceNow.
By default, this field is populated and can be modified. You can select High, Medium, or Low from the dropdown menu:
Category:
Category of the incident/finding such as software, hardware, or Hyver:
Go to the ServiceNow application to define the category to be used by Hyver.
Search for the word Incident to display the Incidents page.
Click New to open a new incident:
Right-click the Category label.
Select the Configure Choices option:
In the Enter new item field, type a new category name and click Add:
Click Save.
In Hyver add this new category name to the Category field.
Urgency:
Map the Hyver severity levels to the urgency levels used in ServiceNow:
If your ServiceNow installation has different ServiceNow label names from those shown, click inside one of the fields in the ServiceNow label column and type the new name and click +New to add the name.
Sub-category:
Open ServiceNow.
Search for Incident to display the Incidents page.
Right-click on the Subcategory label.
Select Configure Choices:
In the Enter new item field, type a new subcategory name and click Add:
Click Save.
In Hyver, type the name of this new Subcategory in the Subcategory field:
Each Hyver value can be mapped to a subcategory in ServiceNow.
If you are finished and don't want to add any custom fields, click Save to save the configuration.
Add a custom ServiceNow field
Click + Add field.
Add a ServiceNow field name and a value for that field.
Click Save.
Verify that ServiceNow is connected by selecting settings > Integration, and looking for the connected status on the ServiceNow tile:
Map fields by status in ServiceNow
Enter the ServiceNow status ID. You must enter a valid ID.
To get the ServiceNow status ID, right-click on State and select Show Choice List:
Select the finding status that maps to the ServiceNow status:
Enter a ServiceNow status ID and the ServiceNow status, and then select a finding status in Hyver.
Select a finding status in Hyver that maps to a Deleted ticket status in ServiceNow.
When a ServiceNow status such as Resolved is mapped to a Fixed status in Hyver, the finding and any associated remediation assets will change to fixed in Hyver when the status is changed in ServiceNow.
[Optional] Click Add status to add another status mapping.
Click Save.
Automating ServiceNow Ticket Creation
Automating ServiceNow ticket (incident) creation from Hyver is done through the Hyver notifications feature:
Ticket creation in ServiceNow is based on a single notification event only.
Findings should be shared with everyone and have an open status:
Note: ServiceNow incidents are not created automatically for pre-existing findings when you integrate ServiceNow.
Define a new notification for ServiceNow integration in Hyver
Go to Settings > Notifications in Hyver:
Click + New notification.
Enter Notification Name:
Select Entity: Finding or Remediation assets.
Select Event: Finding created, Remediation asset created, or Remediation asset status change.
Click Next to display Conditions screen:
Select specific conditions such as Severity, Security domain, or Status:
Status [Optional]: This field enables you to select any Finding or a Remediation asset status from the dropdown menu for which a notification will be triggered when there is a change.
When the value of this field is None, a notification is triggered for any status change.
Severity [Optional]: This field enables you to select any Finding or a Remediation asset severity from the dropdown menu for which a notification will be triggered.
When the value of this field is None, a notification is triggered upon the detection of any Finding or a Remediation asset with any severity.
Security Domain [Optional]: Specify the security domain for which notifications will be sent.
For example, you may only want notifications to be sent upon detecting a Finding in the domain of the finance department in your organization or upon detecting a Remediation asset related to a Finding of a selected security domain.
Click Next to display the Actions page:
Select the ServiceNow radio button.
Important: Changes that you make to a finding in Hyver are not reflected in ServiceNow after the incident is created.
Manual ServiceNow Ticket Creation
To create a ServiceNow ticket manually:
Go to the findings page.
Select one or more findings (max 450) that are shared with Anyone with permission:
Click the Create icon to create tickets:
Or use the finding menu icon and select Create ticket > ServiceNow:
If the finding already has a ServiceNow ticket, it is skipped.
The status indicator shows progress and status of tickets created in ServiceNow:
You can also use the right pane to create tickets:
Note that The finding must be shared with Anyone with permission All finding statuses are eligible:
5. Viewing Results
Now you can View tickets in ServiceNow:
Check in Hyver for the integration ticket ID:
Creating a Webhook in ServiceNow
Click (settings) > Access token to create or copy a Hyver Access Token and URL:
Open Business Rules page in ServiceNow.
Click New.
Enter name, select Incident table, mark Active and Advanced.
In the When to run tab: select async, check Update.
Add Filter Conditions based on State.
Add the script (replace Hyver URL and token):
Example script:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 (function executeRule(current, previous) {
try {
// using hyver url and access token that you copy when you create the access token
var r = new sn_ws.RESTMessageV2();
r.setEndpoint("https://Your-Hyver-URL/api/v1/finding/service_now/status");
r.setHttpMethod("post");
r.setRequestHeader("Authorization", "Token 3081a327065807afbcf1c40ca8136b9e151d7894417637215a9b43e7b1b170fa");
r.setRequestHeader("Content-Type", "application/json");
var usr = new GlideRecord('sys_user');
usr.get('sys_id', current.getValue("caller_id"));
var reported_by_email = usr.getValue('email');
var all_fields = {};
for (var fieldName in current) {
if (current[fieldName] instanceof GlideElement) {
all_fields[fieldName] = current[fieldName].getDisplayValue();
}
}
// All the field updates that you want to send to Hyver
var number = current.getValue("number");
var sys_id = current.getValue("sys_id");
var priority = current.getValue("priority");
var state = current.getValue("state");
// example script that you create
var obj = {
"all_fields": all_fields,
"number": number,
"sys_id": sys_id,
"priority": priority,
"state": state
};
// for debugging
var body = JSON.stringify(obj);
gs.info("Webhook body: " + body);
r.setRequestBody(body);
var response = r.execute();
var httpStatus = response.getStatusCode();
} catch (ex) {
var message = ex.message;
gs.error("Error message: " + message);
}
gs.info("Webhook target HTTP status response: " + httpStatus);
})(current, previous);This connects ServiceNow to Hyver and enables status updates.
Save the configuration.
ServiceNow Tickets in Hyver
Integration ticket ID is displayed on findings page and right pane:
Indicates the source of the finding.
Click the ticket link to open it in ServiceNow:
Changes made to a finding after ticket creation are not reflected in ServiceNow.
Filter findings by:
Source (Hyver, Qualys, etc.):
With or without tickets:
ServiceNow Ticket Details
When ServiceNow ticket creation is triggered:
Short description: Name of the finding
Number: Ticket ID (shown in Hyver as Integration ticket ID)
Caller: Creator
Category / Subcategory: Mapped from Hyver configuration
Urgency: Mapped from Hyver severity
Impact: Based on configuration
6. Deleting the Integration
Deleting the integration
Click Delete integration
Confirm deletion
Deleted integrations stop ingesting new data. Existing data in Hyver is retained.
Editing the integration
Click Edit Integration
Make changes
Click Save
7. FAQs
What happens when a finding is reopened?
→ The finding status is not synced from Hyver to ServiceNow.What happens in ServiceNow when a finding has new version or is modified?
→ Changes in Hyver are not reflected in ServiceNow after the ticket is created.Are tickets created in ServiceNow for findings that existed before the integration?
→ No, only new findings.What happens if new remediation assets are added to the finding after the ServiceNow ticket was created?
→ The list is not updated in the ServiceNow ticket.Do findings need to meet specific criteria to trigger the ticket creation from Hyver notifications?
→ Yes, they should be shared with everyone and have an open status.
Wrap-up
In this guide, we explored how the ServiceNow integration with Hyver ensures full alignment between incidents and findings. We learned how new findings and remediation assets in Hyver automatically create ServiceNow tickets, and how updates in ServiceNow flow back into Hyver in real time. This two-way synchronization streamlines remediation, saves manual effort, and keeps both platforms consistently up to date.