Service Graph Connector for Trellix
Summary of Service Graph Connector for Trellix
The Service Graph Connector for Trellix allows users to integrate device, server, and network data from Trellix into their ServiceNow instance. This integration enhances incident response and asset management processes, facilitating better security operations management.
Key Features
- Supported Versions: Compatible with ServiceNow versions Washington DC, Xanadu, and Yokohama.
- Use Cases:
  - Identify cybersecurity risks.
  - Assess dependencies between configuration items (CIs).
  - Enhance security incident response and endpoint management.
  - Manage data quality and reconcile inconsistencies within discovered CIs.
- Connection Configuration: Use the SGC Central view in the Service Graph Workspace to install and manage the connector connection lifecycle. Guided setup will be deprecated.
- CMDB Integrations Dashboard: Monitor integration statuses and performance metrics through the Integration Commons dashboard.
- Data Mapping: Data from Trellix is transformed and inserted into ServiceNow CMDB using the Robust Transform Engine (RTE) and Identification and Reconciliation Engine (IRE).
- System Property: The property sn_trellix_integ.getdevices_count allows users to set the pagination size for records fetched from the Trellix API, with a default value of 100.
Key Outcomes
By utilizing the Service Graph Connector for Trellix, ServiceNow customers can effectively streamline their incident response workflows, ensure accurate asset management, and maintain a clear view of their cybersecurity environment. This integration ultimately leads to improved operational efficiency and enhanced security posture.
Use the Service Graph Connector for Trellix to bring in device, server, and network data from a Trellix environment into your ServiceNow instance to streamline your incident response and asset management use cases.
Request apps on the Store
Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Supported versions
Supported ServiceNow versions:
- Washington DC
- Xanadu
- Yokohama
Use cases
The following examples describe how you can use the Service Graph Connector for Trellix for security operations management:
- Identify cybersecurity risks in the environment.
- Assess dependencies between configuration items (CIs).
- Enable effective security incident response and endpoint management systems.
- Identify data quality issues, reconcile inconsistencies, and manage incidents and changes on discovered CIs.
Configuring a connection for the connector
CMDB integrations dashboard
The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring Trellix integrations in the CMDB Integrations Dashboard, see Using the CMDB Integrations Dashboard.
Data mapping
Data from the Trellix data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).
- SG-Trellix-Devices
  - Imports data from devices and loads the imported data in the SGC Trellix Device Import [sn_trellix_integ_sgc_trellix_device_import] staging table.
  - File System [cmdb_ci_file_system]
  - IP Address [cmdb_ci_ip_address]
  - Network Adapter [cmdb_ci_network_adapter]
  - Server [cmdb_ci_server]
  - Software Installation [cmdb_sam_sw_install] (if the Software Asset Management (SAM) application is installed)
  - Software [cmdb_ci_spkg] (if the SAM application isn't installed)
  - Software Instance [cmdb_software_instance] (if the SAM application isn't installed)
  - Storage Disk [cmdb_ci_storage_disk]
You can use the IntegrationHub ETL app to view the data maps. See IntegrationHub ETL for more information.
System property
sn_trellix_integ.getdevices_count. This property sets the pagination size for the records that are fetched from the Trellix API.
- Type: integer
- Default value: 100
sys_properties.list in the navigation filter.