MOSS integration for ServiceNow - SIEM events, ITSM incidents, and workflow signing
Project description
MOSS ServiceNow Integration
Full ServiceNow connector for AI agent governance with MOSS.
- SIEM/Security Operations: Send signed events for security monitoring
- ITSM: Create incidents on policy violations
- Workflows: Sign ServiceNow AI agent actions
Installation
pip install moss-servicenow
Quick Start
SIEM - Security Events
Send MOSS signed events to ServiceNow Security Operations:
from moss_servicenow import ServiceNowSIEM, EventType, EventSeverity
siem = ServiceNowSIEM(
instance="your-instance.service-now.com",
username="api_user",
password=os.environ["SERVICENOW_PASSWORD"]
)
# Send policy violation event
siem.send_event(
event_type=EventType.POLICY_BLOCK,
severity=EventSeverity.HIGH,
agent_id="finance-agent",
action="wire_transfer",
description="Blocked: Transfer exceeds $10,000 limit",
envelope=signed_result.envelope.to_dict()
)
Or send directly from a MOSS SignResult:
from moss import sign
from moss_servicenow import ServiceNowSIEM
result = sign(output=data, agent_id="my-agent", action="transfer")
if result.blocked:
siem.send_from_sign_result(result)
ITSM - Incident Management
Create incidents when policy violations occur:
from moss_servicenow import ServiceNowITSM, IncidentPriority
itsm = ServiceNowITSM(
instance="your-instance.service-now.com",
username="api_user",
password=os.environ["SERVICENOW_PASSWORD"],
default_assignment_group="AI Governance Team"
)
# Create incident from policy violation
incident = itsm.create_incident(
short_description="AI Agent Policy Violation - Unauthorized Access",
description="Agent attempted to access PII without proper authorization",
priority=IncidentPriority.HIGH,
envelope=signed_result.envelope.to_dict(),
agent_id="data-agent",
action="read_pii"
)
print(f"Created incident: {incident['number']}")
Or create directly from a MOSS SignResult:
if result.blocked:
incident = itsm.create_from_sign_result(result)
Workflow Signing
Sign ServiceNow AI agent actions before execution:
from moss_servicenow import sign_workflow_action
# Sign before executing
result = sign_workflow_action(
action="create_incident",
payload={"short_description": "System alert", "priority": "2"},
agent_id="snow-automation",
workflow_name="incident_management"
)
if result.blocked:
print(f"Blocked: {result.enterprise.policy.reason}")
else:
# Proceed with ServiceNow API call
client.create("incident", payload)
Callback Handler for Now Assist
Wrap functions to automatically sign actions:
from moss_servicenow import ServiceNowCallbackHandler
handler = ServiceNowCallbackHandler(
agent_id="now-assist-agent",
context={"tenant": "acme"}
)
@handler.wrap("create_incident")
def create_incident(data):
return client.create("incident", data)
# Action is automatically signed before execution
# Raises PermissionError if blocked by policy
result = create_incident({"short_description": "Alert"})
Configuration
Environment Variables
# ServiceNow credentials
SERVICENOW_INSTANCE=your-instance.service-now.com
SERVICENOW_USERNAME=api_user
SERVICENOW_PASSWORD=api_password
# MOSS API key (for enterprise features)
MOSS_API_KEY=moss_live_...
Tables
- SIEM:
sn_si_incident(Security Incidents) by default - ITSM:
incidenttable
API Reference
ServiceNowSIEM
| Method | Description |
|---|---|
send_event() |
Send security event |
send_from_sign_result() |
Send event from MOSS SignResult |
send_batch() |
Send multiple events |
ServiceNowITSM
| Method | Description |
|---|---|
create_incident() |
Create incident |
create_from_sign_result() |
Create incident from MOSS SignResult |
update_incident() |
Update incident fields |
resolve_incident() |
Resolve and close incident |
get_incident() |
Get incident by sys_id |
Workflow Signing
| Function | Description |
|---|---|
sign_workflow_action() |
Sign workflow action |
sign_table_operation() |
Sign table API operation |
ServiceNowCallbackHandler |
Decorator-based signing |
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file moss_servicenow-0.1.0.tar.gz.
File metadata
- Download URL: moss_servicenow-0.1.0.tar.gz
- Upload date:
- Size: 14.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b09ae99595926351068f1b73d4ebc74afa98bf1363314a9ce4f8cde41ac1a95d
|
|
| MD5 |
69d7167bf8d1d405059e4d70155cb03a
|
|
| BLAKE2b-256 |
48adca6487970ec719c6313d5e76fa7d9b3d163096121ab0b0dde5375a80c3b4
|
File details
Details for the file moss_servicenow-0.1.0-py3-none-any.whl.
File metadata
- Download URL: moss_servicenow-0.1.0-py3-none-any.whl
- Upload date:
- Size: 14.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2b16758b29fa5d436d7054a1ef9298d439958d7272d154c152b162bb9af1ca5b
|
|
| MD5 |
d2c06ff646b2402d13f1408909479d0a
|
|
| BLAKE2b-256 |
de583dca85b187f861378f251a5eb4523a8cd85efe81e71e620b7a57b68775ba
|