BigPanda - ServiceNow v3 data requirements
The BigPanda ServiceNow integration v3.0 is now available on the ServiceNow Store. This is a complete rebuild of the integration, certified by ServiceNow, that brings significant performance, security, and functionality improvements to your incident management workflows.
Assistance required
The BigPanda - ServiceNow v3 integration includes major architectural changes, including new security roles, and deprecated API patterns. The upgrade process must be planned and coordinated with your BigPanda account team.
Contact your BigPanda account team to discuss next steps to upgrade to a 3.x integration version.
Pre-upgrade checklist
Before upgrading from v2.9.x to v3.0.2, confirm the following with your BigPanda account team:
Your ServiceNow instance runs Xanadu or later.
You have an active ITSM license.
You have your BigPanda API credentials (bearer token, API key, and app keys for each module you use).
Outbound HTTPS access to your BigPanda API region is allowed from your ServiceNow instance.
You have identified which users need the
x_bip_panda_userandx_bip_panda.adminroles.The BigPanda integration service account in ServiceNow has both the
x_bip_panda_useranditilroles assigned.The BigPanda user or service account associated with the integration has the required minimum permissions: Autoshare, Incident Enrichment, Root Cause Changes, Incident Actions (All Environments), and Manage Environments. See the RBAC documentation for details on permissions in BigPanda.
You have documented any custom transform map modifications that should be preserved during migration.
Platform requirements
Requirement | v2.9.x | v3.0.2 |
|---|---|---|
ServiceNow platform | All supported releases | Xanadu or later |
ITSM license | Required | Required |
Application scope | Unscoped (global) | Scoped ( |
ServiceNow Store certification | No | Yes |
An active BigPanda subscription with API access is required for all versions.
Authentication
Credentials
The v3 integration requires the following credentials from your BigPanda account:
Credential | Description | Used By |
|---|---|---|
Bearer Token | Primary API authentication token. | All API calls. |
API Key | Organization-level API key. | Legacy and fallback authentication. |
Incidents App Key | Routing key for incident data. | Incident sync module. |
Changes App Key | Routing key for change request data. | Changes and maintenance module. |
OIM App Key | Routing key for outbound integration management. | OIM module. |
Your BigPanda account team provides these credentials during onboarding or upgrade.
During the upgrade, existing credentials are automatically migrated and re-encrypted.
Credential storage
Feature | v2.9.x | v3.0.2 |
|---|---|---|
Storage method | ServiceNow system properties | Versioned configuration table ( |
Encryption | Basic property encryption | Password2 encryption (ServiceNow standard for at-rest encryption). |
Scope isolation | Global scope (accessible to other apps) | Scoped application (isolated from other apps). |
Credential visibility | Visible in exports and logs | Never exposed in exports, logs, or client-side scripts. |
In v2.9.x, credentials were stored as system properties in the global scope. Any application or script with system property access could read them. In v3.0.2, all credentials are stored in the scoped x_bip_panda_config table using Password2 field types. This means credentials are encrypted at rest and isolated from other applications on your ServiceNow instance.
Network and connection requirements
API endpoints
The integration communicates with BigPanda over outbound HTTPS (port 443). No inbound connections to your ServiceNow instance are required.
Region | Base URL |
|---|---|
US |
|
EU |
|
Confirm with your account team which region applies to your organization.
Endpoint functions
Function | Description |
|---|---|
Retrieval endpoint | Polls BigPanda for pending incident shares. |
Callback endpoint | Sends incident lifecycle updates back to BigPanda. |
Changes endpoint | Sends change request data to BigPanda. |
Maintenance endpoint | Sends maintenance plan windows to BigPanda. |
CMDB endpoint (v1) | Uploads full CMDB table exports as CSV. |
CMDB v2 base URL | Sends delta CMDB updates using hash-based change detection. |
Connection defaults
Setting | Default | Description |
|---|---|---|
Polling batch size | 30 incidents | Number of incident shares retrieved per poll cycle. |
CMDB sync interval | 24 hours | How often CMDB data is sent to BigPanda. |
CMDB retry interval | 5 seconds | Wait time between retries on failed CMDB API calls. |
CMDB page size | 100 records | Number of CMDB records per API page. |
CMDB max pages | 10 | Maximum pages per CMDB table sync. |
CMDB max retries | 3 | Maximum retry attempts for failed CMDB calls. |
Firewall rules
If your ServiceNow instance uses restricted outbound access, allow HTTPS (port 443) traffic to your region's BigPanda API endpoint. No other ports or protocols are required.
Custom data tables
The v3 integration creates eight tables in the x_bip_panda scope. All tables are protected by access control lists (ACLs) and are isolated from other applications.
In v3.0.2, all data is stored in scoped custom tables with role-based access control and full audit logging.
Custom tables
Table | Purpose |
|---|---|
| Stores versioned configuration with encrypted credentials. Supports multiple BigPanda organizations. |
| Staging table for inbound incident data from BigPanda. Records are processed by transform maps and routed to the ServiceNow incident table. |
| Stores individual alert records associated with BigPanda incidents. |
| Maps each ServiceNow incident to its BigPanda counterpart. Stores runbook links, similar incident data, related changes, and external URLs. |
| Stores correlation relationships between entities with type classification and confidence scores. |
| Links similar incidents identified by BigPanda AI, including similarity scores and reasoning. |
| Links incidents to related change requests for Root Cause Changes (RCC) analysis. |
| Links incidents to external service desk tickets from third-party systems. |
Role requirements
ServiceNow roles
The v3 integration uses dedicated roles instead of relying on global ServiceNow roles.
Role | Label | Access Level | Typical Users |
|---|---|---|---|
| BigPanda User | Read-only access to all BigPanda tables. Can view configuration (credentials masked), incident metadata, similar incidents, and related changes. | NOC analysts, on-call engineers, and anyone who needs visibility into BigPanda data. |
| BigPanda Admin | Full access to all BigPanda tables. Can create, modify, and delete configuration versions, manage credentials, and run administrative operations. | Integration administrators responsible for setup and maintenance. |
Limited defaults for admin role
Assign x_bip_panda_user along with x_bip_panda.admin for users who need administrative access. The admin role does not automatically include read-only role permissions.
ITIL Role
As part of ServiceNow Store certification requirements, the itil role was removed from BigPanda application roles. The integration service account still requires ITIL-level access to create and update incidents in the ServiceNow incident table.
When creating the BigPanda service account in ServiceNow, assign both of the following roles:
x_bip_panda_user— grants access to BigPanda scoped tables and data.itil— grants the access needed to create, read, and update records in the incident table and other ITSM tables.
ITIL role required
Without the itil role, the integration service account will not be able to create or update incidents in ServiceNow.
BigPanda permissions
BigPanda follows the principle of least privilege. The user or service account associated with the ServiceNow integration must have the minimum permissions required to operate the integration. At minimum, assign the following BigPanda permissions:
Permission | Purpose |
|---|---|
Autoshare | Allows BigPanda to automatically share incidents to ServiceNow based on configured sharing rules. |
Incident Enrichment | Allows the integration to enrich incidents with CMDB data, similar incidents, and related changes. |
Root Cause Changes | Allows the integration to send root cause change data to ServiceNow. |
Incident Actions (All Environments) | Allows the integration to perform incident lifecycle actions (resolve, reassign, etc.) across all environments. |
Manage Environments | Allows the integration to manage environment-level configuration for incident routing and sharing. |
If any of these permissions are missing, the corresponding integration features will not function. Your BigPanda account team can verify that the service account has the correct permissions during onboarding or upgrade.
Security summary
Security Feature | v2.9.x | v3.0.2 |
|---|---|---|
Credential encryption | Basic | Password2 (at-rest encryption). |
Application scope | Global | Scoped ( |
Access control | Standard ServiceNow roles | 41 dedicated ACLs with role-based enforcement. |
Database operations | Standard GlideRecord | GlideRecordSecure (enforces ACLs in all code paths). |
Store certification | No | Yes (meets ServiceNow security and data handling standards). |
Audit logging | Limited | Full audit trail on configuration changes with version history. |
CMDB enrichment comparison
Feature | v2.9.x (CMDB v1) | v3.0.2 (CMDB v2) |
|---|---|---|
Sync method | Full CSV export of entire tables. | Delta sync with hash-based change detection. |
Data transferred | All records every sync cycle. | Only records that changed since the last sync. |
Rate limit handling | None. | Exponential backoff with jitter for API throttling. |
Stale mapping recovery | Manual. | Automatic detection and recovery. |
Resource impact | High (full table scans). | Low (incremental updates only). |
CMDB v1 (full sync) remains available for backward compatibility. CMDB v2 (delta sync) is the recommended mode for v3.0.2 deployments.