Skip to main content

MOSS integration for ServiceNow - SIEM events, ITSM incidents, and workflow signing

Project description

MOSS ServiceNow Integration

Full ServiceNow connector for AI agent governance with MOSS.

  • SIEM/Security Operations: Send signed events for security monitoring
  • ITSM: Create incidents on policy violations
  • Workflows: Sign ServiceNow AI agent actions

Installation

pip install moss-servicenow

Quick Start

SIEM - Security Events

Send MOSS signed events to ServiceNow Security Operations:

from moss_servicenow import ServiceNowSIEM, EventType, EventSeverity

siem = ServiceNowSIEM(
    instance="your-instance.service-now.com",
    username="api_user",
    password=os.environ["SERVICENOW_PASSWORD"]
)

# Send policy violation event
siem.send_event(
    event_type=EventType.POLICY_BLOCK,
    severity=EventSeverity.HIGH,
    agent_id="finance-agent",
    action="wire_transfer",
    description="Blocked: Transfer exceeds $10,000 limit",
    envelope=signed_result.envelope.to_dict()
)

Or send directly from a MOSS SignResult:

from moss import sign
from moss_servicenow import ServiceNowSIEM

result = sign(output=data, agent_id="my-agent", action="transfer")

if result.blocked:
    siem.send_from_sign_result(result)

ITSM - Incident Management

Create incidents when policy violations occur:

from moss_servicenow import ServiceNowITSM, IncidentPriority

itsm = ServiceNowITSM(
    instance="your-instance.service-now.com",
    username="api_user",
    password=os.environ["SERVICENOW_PASSWORD"],
    default_assignment_group="AI Governance Team"
)

# Create incident from policy violation
incident = itsm.create_incident(
    short_description="AI Agent Policy Violation - Unauthorized Access",
    description="Agent attempted to access PII without proper authorization",
    priority=IncidentPriority.HIGH,
    envelope=signed_result.envelope.to_dict(),
    agent_id="data-agent",
    action="read_pii"
)

print(f"Created incident: {incident['number']}")

Or create directly from a MOSS SignResult:

if result.blocked:
    incident = itsm.create_from_sign_result(result)

Workflow Signing

Sign ServiceNow AI agent actions before execution:

from moss_servicenow import sign_workflow_action

# Sign before executing
result = sign_workflow_action(
    action="create_incident",
    payload={"short_description": "System alert", "priority": "2"},
    agent_id="snow-automation",
    workflow_name="incident_management"
)

if result.blocked:
    print(f"Blocked: {result.enterprise.policy.reason}")
else:
    # Proceed with ServiceNow API call
    client.create("incident", payload)

Callback Handler for Now Assist

Wrap functions to automatically sign actions:

from moss_servicenow import ServiceNowCallbackHandler

handler = ServiceNowCallbackHandler(
    agent_id="now-assist-agent",
    context={"tenant": "acme"}
)

@handler.wrap("create_incident")
def create_incident(data):
    return client.create("incident", data)

# Action is automatically signed before execution
# Raises PermissionError if blocked by policy
result = create_incident({"short_description": "Alert"})

Configuration

Environment Variables

# ServiceNow credentials
SERVICENOW_INSTANCE=your-instance.service-now.com
SERVICENOW_USERNAME=api_user
SERVICENOW_PASSWORD=api_password

# MOSS API key (for enterprise features)
MOSS_API_KEY=moss_live_...

Tables

  • SIEM: sn_si_incident (Security Incidents) by default
  • ITSM: incident table

API Reference

ServiceNowSIEM

Method Description
send_event() Send security event
send_from_sign_result() Send event from MOSS SignResult
send_batch() Send multiple events

ServiceNowITSM

Method Description
create_incident() Create incident
create_from_sign_result() Create incident from MOSS SignResult
update_incident() Update incident fields
resolve_incident() Resolve and close incident
get_incident() Get incident by sys_id

Workflow Signing

Function Description
sign_workflow_action() Sign workflow action
sign_table_operation() Sign table API operation
ServiceNowCallbackHandler Decorator-based signing

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

moss_servicenow-0.1.0.tar.gz (14.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

moss_servicenow-0.1.0-py3-none-any.whl (14.2 kB view details)

Uploaded Python 3

File details

Details for the file moss_servicenow-0.1.0.tar.gz.

File metadata

  • Download URL: moss_servicenow-0.1.0.tar.gz
  • Upload date:
  • Size: 14.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.6

File hashes

Hashes for moss_servicenow-0.1.0.tar.gz
Algorithm Hash digest
SHA256 b09ae99595926351068f1b73d4ebc74afa98bf1363314a9ce4f8cde41ac1a95d
MD5 69d7167bf8d1d405059e4d70155cb03a
BLAKE2b-256 48adca6487970ec719c6313d5e76fa7d9b3d163096121ab0b0dde5375a80c3b4

See more details on using hashes here.

File details

Details for the file moss_servicenow-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for moss_servicenow-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2b16758b29fa5d436d7054a1ef9298d439958d7272d154c152b162bb9af1ca5b
MD5 d2c06ff646b2402d13f1408909479d0a
BLAKE2b-256 de583dca85b187f861378f251a5eb4523a8cd85efe81e71e620b7a57b68775ba

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page