No new ServiceNow incidents in CloudSOC After removing ServiceNow Admin Role

search cancel

No new ServiceNow incidents in CloudSOC After removing ServiceNow Admin Role

book

Article ID: 212032

calendar_today

Updated On:

Products

CASB Security Advanced CASB Security Premium CASB Security Standard CASB Securlet SAAS

Issue/Introduction

After removing the Admin Role of the ServiceNow Securlet, post Securlet activation, there are no new ServiceNow incidents in CloudSOC.

Cause

If the Admin role is missing from the ServiceNow account used to activate the Securlet, the Refresh token will fail to refresh after the token expires. This will cause the Securlet to be unable to fetch new events.

Resolution

The ServiceNow Securlet will be able to fetch new events once the Admin role is added back into the ServiceNow account connected to CloudSOC.

Feedback

thumb_up Yes

thumb_down No