Kikimora
← all integrations

Operations & Incident Response

ServiceNow

Bridge findings to operations - incidents created, assigned, and tracked from one prompt.

TRY ASKING:

“List all active security incidents with High or Critical priority.”

  • “Open an incident from this finding and attach the affected resources.”
  • “List active High and Critical incidents and who they are assigned to.”
  • “Show change requests tied to the remediations we shipped this week.”

When Kikimora finds something that needs human hands, it can open the ticket for you. Create ServiceNow incidents with full context attached, assign them to the right team, and track them, all conversationally.

Bridge findings to operations from one conversation

The integration covers the operational handoff: listing and filtering security incidents, creating new ones from findings with the affected resources already attached, tracking the change requests tied to a remediation, and keeping CMDB assets in step with what the agent discovers. This is one of the few integrations that writes as well as reads, so the guardrail matters: every incident the agent files is shown to you first and created only on approval. The handoff is where security work usually loses fidelity. A finding gets copied into a ticket by hand, half the context is dropped, and the assignee spends an hour rediscovering what the agent already knew. Letting Kikimora open the incident with the affected account, resource, and finding detail already attached means the ticket arrives complete, and you stay in control because nothing is filed until you approve it.

What you can do

  • List and filter active security incidents.
  • Create incidents from findings with affected-resource context included.
  • Track change requests tied to remediations.
  • Keep CMDB assets in sync with what the agent discovers.

Things you might ask

  • “Open a High-priority incident from this exposed-bucket finding and attach the account and resource details.”
  • “List active Critical security incidents and which team owns each one.”
  • “Show me the change requests linked to the firewall fixes we approved this week.”

ServiceNow is where a finding becomes a tracked piece of work. Pair it with the Sentry integration so an error spike that turns into a real incident flows straight into a ticket, with the timeline already gathered and nothing retyped.

Connect ServiceNow - free Browse all integrations

[ faq ]

Does ServiceNow write back, or only read? +

This integration does both, but writes are approval-gated. The agent reads incidents, change requests, and CMDB by default. When it creates or assigns an incident, it shows you exactly what it will file first and acts only after you approve.

What permissions does it need? +

A service account with read access to incidents, change requests, and the CMDB, plus incident-create rights if you want the agent to open tickets. You decide how much write scope to grant.

How long does it take to set up? +

A short setup. You provide the instance URL and a scoped service account. There is nothing to install on the ServiceNow side beyond the account and roles.

Will it touch unrelated records? +

No. It works with security incidents, change requests, and CMDB assets relevant to what the agent discovers, and every create or update is shown for approval and logged.

More in Operations & Incident Response

Sentry