ServiceNow Incident Indexing
- Connect ServiceNow as your incident platform with Basic auth or OAuth 2.0
- Real connectivity validation during setup confirms your credentials work before indexing begins
- Scanner polls every minute, auto-creates investigation threads for new incidents
- Use response plans to control which priorities and incident types your agent handles
The problem: incidents in ServiceNow, investigation everywhere else
When an incident fires in ServiceNow, your on-call opens ServiceNow to read the details, then switches to their observability tools to investigate, then copies findings back into ServiceNow as work notes. Context lives in multiple tools, investigation is manual, and knowledge walks out the door when the engineer goes off shift.
Without connecting ServiceNow to your agent, you can't leverage automated investigation on your actual incident stream. And when you do connect, you need confidence the connection actually works — not a setup-and-hope experience where failures surface hours later when incidents don't appear.
How ServiceNow incident indexing works
When you connect ServiceNow as your incident platform:
Connectivity validation — During setup, the agent tests your credentials by fetching a real incident from ServiceNow. If the connection fails, you get an immediate error with details — no guessing whether setup worked.
Assignment group scoping — Scope indexing to your team's assignment group so only relevant incidents get picked up. Essential for large enterprise ServiceNow instances shared across many teams.
Category and priority filtering — Filter by priority (Critical through Planning) and category so the agent focuses on incidents that matter to your team.
Automatic scanning — After connection, the scanner polls ServiceNow every minute for new and updated incidents matching your filters.
A quickstart response plan is created by default during setup. From there, the agent follows the same investigation and response flow as any other incident platform.
What makes this different
Unlike manual triage that depends on who's on call and what they remember, your agent investigates every ServiceNow incident consistently:
Connectivity validation catches credential and endpoint issues during setup, not hours later when incidents fail to sync. The health check fetches a real incident from ServiceNow to prove the connection works.
Continuous scanning means new incidents are picked up within a minute. The agent acknowledges, investigates, and can resolve incidents directly in ServiceNow — including posting investigation findings as discussion entries.
Response plans give you granular control: handle Critical incidents autonomously, require approval for Moderate ones, and ignore Planning-level items entirely.
Authentication options
| Method | When to use | What you need |
|---|---|---|
| Basic authentication | Quick setup, testing, smaller instances | ServiceNow username and password (user needs itil or admin role) |
| OAuth 2.0 | Production, security-conscious environments | ServiceNow OAuth Application (Client ID and Client Secret), Azure API Connection created automatically |
For OAuth, the redirect URL follows the pattern https://logic-apis-{region}.consent.azure-apim.net/redirect. Register this in your ServiceNow OAuth Application Registry before authorizing.
Scanner behavior
| Setting | Value |
|---|---|
| Scan interval | 1 minute |
| Incidents per page | 20 |
| Max incidents per cycle | 220 (11 pages) |
| Initial lookback | 30 days (when no prior scan exists) |
Before and after
| Before | After |
|---|---|
| Manually monitor ServiceNow for new incidents | Agent scans every minute and creates investigation threads automatically |
| Context-switch between ServiceNow and investigation tools | Agent queries your connected data sources and posts findings back to ServiceNow |
| No validation that connection works during setup | Real connectivity check confirms credentials before indexing begins |
| Investigation knowledge leaves with the engineer | Agent captures findings in threads and discussion entries |
Get started
| Resource | What you'll learn |
|---|---|
| Setting Up ServiceNow → | Connect ServiceNow, validate the connection, and verify incidents appear |
Related capabilities
| Capability | What it adds |
|---|---|
| Incident Response → | How your agent investigates and responds to indexed incidents |
| Incident Response Plans → | Control which incidents your agent handles with priority routing and run modes |
| Deep Investigation → | Extended hypothesis-driven analysis for complex incidents |