No Data In Populated in CloudSOC After Removing ServiceNow Admin Role after After Activating ServiceNow Securlet

book

Article ID: 212032

calendar_today

Updated On:

Products

CASB Security Advanced

Issue/Introduction

After removing the Admin Role of the ServiceNow Securlet, there are no new incidents in CloudSOC.

Cause

If the Admin role is missing from the ServiceNow account used to activate the Securlet, the Refresh token will fail to refresh after the token expires. This will cause the Securlet unable to fetch new events.

Environment

Release : 1.0

Component :

Resolution

The ServiceNow Securlet will be able to fetch new events once the admin role is added back in ServiceNow.