ServiceNow Policy Incidents
The Policy Incidents page is a central repository of all incidents that have violated Policies. All services are consolidated on this page, or you can choose to view the violations occurring in just the ServiceNow service.
Find the page at The Incidents > Policy Incidents. For more information, see Policy Incidents Page.
Request Item Number (RITM) in ServiceNow
You can request an item in ServiceNow through the Service Catalog to get a Request Number and a RITM number. When you order the item through CMS or the Service Portal, ServiceNow uses a process called Request Fulfillment. For example, you can request a mobile phone, virtual desktop, PC Refresh, or system access. For more information about RITM, see ServiceNow Catalog Request Fulfillment.
Create a Request in Service Catalog
To request an item in Service Catalog:
- Go to Service Catalog > Categories and select the required item.
- Click Order Now.
- Enter the details and click Checkout.
- The RITM number and Request Number are created.
ServiceNow Catalog Request Fulfillment
To create a request through catalog fulfillment, see Create a Request. The Request Fulfillment has different variables in different fields. You can also see attachments in ServiceNow. These fields or attached files can contain sensitive information. The Skyhigh CASB DLP policy detects sensitive information, and if a policy is violated, then incidents are generated.
Here you can see the details of DLP violations in ServiceNow fields or file attachments in Service Catalog Request Fulfillment. You can also detect the RITM to see the ServiceNow fields or files where the DLP violation occurred.
On the Policy Incidents page, copy the specific sys_id and open it in ServiceNow to view the RITM number where the DLP violations have occurred as shown below.
To view the DLP violation details in ServiceNow:
- Go to Incidents > Policy Incidents
- Under Service Name, select the ServiceNow. Click any incident in the table to see the Details pane for that incident.
- The Item Name displays the URLs of objects (fields) and attachments (file) that provide the details of violations in ServiceNow.
- For field violations, you can construct a URL for the object. Copy the URL from the item name and paste it into the browser after the proxy URL as shown below:
- If there is a RITM incident in the Item Name, construct the URL as: https://<Proxy URL>/sc_req_item.do?sys_id=567f52942fa01010f2283c96f699b6a0
- If there is an incident in the Item Name, construct the URL as: https://<ProxyURL>/incident.do?sys_id=567f52942fa01010f2283c96f699b6a0
- For file violations, you can construct a URL for the attachment. Copy the URL from the Item Name and paste it into the browser after the proxy URL to access the violated file directly as shown:
- The DLP Policy violations details are shared via notifications, if configured, in the following format: