Service Graph Connector for Trellix
Summary of Service Graph Connector for Trellix
The Service Graph Connector for Trellix allows you to integrate device, server, and network data from Trellix into your ServiceNow instance, enhancing your incident response and asset management capabilities. This connector supports the ServiceNow versions Washington DC, Xanadu, and Yokohama.
Key Features
- Use Cases: It helps identify cybersecurity risks, assess dependencies between configuration items (CIs), and manage incidents and changes effectively.
- Configuration: Configure connections using the SGC Central view in the Service Graph or CMDB Workspace, which allows comprehensive management of the connector lifecycle.
- Data Mapping: Data from Trellix sources is mapped to ServiceNow CMDB classes using the Robust Transform Engine (RTE) and inserted via the Identification and Reconciliation Engine (IRE).
- Integration Dashboard: The CMDB Integrations Dashboard provides a central view of the status and metrics of all integrations, allowing for detailed monitoring.
- System Property: The pagination size for records fetched from the Trellix API can be set via the system property sn_trellix_integ.getdevices_count.
Key Outcomes
By utilizing the Service Graph Connector for Trellix, customers can ensure effective security operations management, improve data quality, and streamline incident response processes. This integration empowers users with comprehensive insights, facilitating better decision-making and operational efficiency.
Use the Service Graph Connector for Trellix to bring in device, server, and network data from a Trellix environment into your ServiceNow instance to streamline your incident response and asset management use cases.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Supported versions
Supported ServiceNow versions:
- Washington DC
- Xanadu
- Yokohama
Use cases
The following examples describe how you can use the Service Graph Connector for Trellix for security operations management:
- Identify cybersecurity risks in the environment.
- Assess dependencies between configuration items (CI).
- Enable effective security incident response and endpoint management systems.
- Identify data quality issues, reconcile inconsistencies, and manage incidents and changes on discovered CIs.
Configuring a connection for the connector
CMDB integrations dashboard
The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring Trellix integrations in the CMDB Integrations Dashboard, see Using the CMDB Integrations Dashboard.
Data mapping
Data from the Trellix data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).
- SG-Trellix-Devices: Imports data from devices and loads the imported data in the SGC Trellix Device Import [sn_trellix_integ_sgc_trellix_device_import] staging table.
  - File System [cmdb_ci_file_system]
  - IP Address [cmdb_ci_ip_address]
  - Network Adapter [cmdb_ci_network_adapter]
  - Server [cmdb_ci_server]
  - Software Installation [cmdb_sam_sw_install] (if the Software Asset Management (SAM) application is installed)
  - Software [cmdb_ci_spkg] (if the SAM application isn't installed)
  - Software Instance [cmdb_software_instance] (if the SAM application isn't installed)
  - Storage Disk [cmdb_ci_storage_disk]
You can use the IntegrationHub ETL app to view the data maps. See IntegrationHub ETL for more information.
System property
sn_trellix_integ.getdevices_count
This property sets the pagination size for the records that are fetched from the Trellix API.
- Type: integer
- Default value: 100
sys_properties.list in the navigation filter.