
# Managing Your ServiceNow Incidents

<Icon icon="users" iconType="solid" /> Role Availability | ✔️ Read-Only ✔️ Investigator ✔️ Analyst ✔️ Manager

After the BlueApp for ServiceNow is configured and users have executed the supported actions, either directly or through an orchestration rule, you can view a list of the ServiceNow incidents created by USM Anywhere. The list shows the events, alarms, and vulnerabilities related to the executed actions.

## Viewing ServiceNow Incidents Created by USM Anywhere

In USM Anywhere, you can view a list of incidents created by an action applied directly to an <Tooltip tip="Alarms provide notification of an event or sequence of events that require attention or investigation.">alarm</Tooltip>, <Tooltip tip="Any traffic or data exchange detected by LevelBlue products through a sensor or external devices such as a firewall.">event</Tooltip>, or <Tooltip tip="A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security.">vulnerability</Tooltip>, as well as incidents created by actions that an orchestration rule triggered. From the list, you can open an incident in your ServiceNow account to view additional information about it or to update it, such as assigning the item to a team member or changing its priority.

**To access the ServiceNow incidents**

1. In USM Anywhere, go to **Data Sources > BlueApps > Available Apps**.
2. Search for **ServiceNow**, and then click the tile.
3. On the BlueApp for ServiceNow page, click the tab for the incident type that you want to display. The available incident types depend on the ServiceNow products that are active for the ServiceNow user account [configured for the BlueApp](/documentation/usm-anywhere/alienapps-guide/servicenow/config-alienapp-servicenow):
   * Select **Service Desk Incidents** to view incidents created in the IT Service Management product.
   * If your account has the ServiceNow Security Incident Response (SIR) product enabled, click the **Security Incidents** tab to view the security incidents created in that product.

     <Frame>
       <img src="https://mintcdn.com/levelblue-5324744e/Q_BhWHm3qHRMbGha/images/usm-anywhere/servicenow-incidents.webp?fit=max&auto=format&n=Q_BhWHm3qHRMbGha&q=85&s=a53718badd764e376847d473d841829b" alt="" width="994" height="421" data-path="images/usm-anywhere/servicenow-incidents.webp" />
     </Frame>

     <Note>
       The displayed list includes all ServiceNow incidents generated by USM Anywhere, with the most recently opened items at the top. You can view the current status and assignment for the incident as reported by your ServiceNow instance.
     </Note>
4. Click **View** to open the incident in the ServiceNow interface.

   In ServiceNow, you can assign the issue, change its status, access the source of the incident in USM Anywhere from the link included in the ServiceNow incident, or perform any of the functions supported for your account.

   <Frame>
     <img src="https://mintcdn.com/levelblue-5324744e/Q_BhWHm3qHRMbGha/images/usm-anywhere/servicenow-incident-open.webp?fit=max&auto=format&n=Q_BhWHm3qHRMbGha&q=85&s=f59ab25ac4202619f5586e6e01a91ae8" alt="" width="977" height="666" data-path="images/usm-anywhere/servicenow-incident-open.webp" />
   </Frame>

## Filtering the Labeled Alarms and Vulnerabilities

USM Anywhere uses labels to classify alarms and vulnerabilities. Filtering by label lets you locate items and track their status. When the BlueApp for ServiceNow executes a response action for an alarm or vulnerability, it automatically applies the ServiceNow label to it. You can use this label as a filter so that a page displays data for only those items related to a BlueApp for ServiceNow response action.

**To view ServiceNow action alarms or vulnerabilities**

1. Go to the **Alarms** (**Activity > Alarms**) or **Vulnerabilities** (**Environment > Vulnerabilities**) page.
2. If the **Search & Filters** panel is not displayed, click <img src="https://mintcdn.com/levelblue-5324744e/FcyUlC8x9sXA5M24/images/usm-anywhere/to-open-filter-sidebar.svg?fit=max&auto=format&n=FcyUlC8x9sXA5M24&q=85&s=c2b9b8443065ea17eb723e6f8a8fb721" className="inline m-0" width="20" height="20" data-path="images/usm-anywhere/to-open-filter-sidebar.svg" /> to expand it.

   USM Anywhere includes several filters displayed by default.
3. Locate the **Labels** filter and select **ServiceNow**.

   <Frame>
     <img src="https://mintcdn.com/levelblue-5324744e/Q_BhWHm3qHRMbGha/images/usm-anywhere/servicenow-label-filter.webp?fit=max&auto=format&n=Q_BhWHm3qHRMbGha&q=85&s=f90366b2bf2652647d1c127ab2593c21" alt="" width="558" height="454" data-path="images/usm-anywhere/servicenow-label-filter.webp" />
   </Frame>

   If the **Labels** filter is not displayed, click **Configure Filters** at the bottom of the **Search & Filters** panel to configure filters for the page. See [Managing Filters](/documentation/usm-anywhere/user-guide/asset-management/asset-administration/managing-filters) for more information about configuring filters for the page display.

   You can scroll the displayed list to the right to view the **Labels** column.

   <Frame>
     <img src="https://mintcdn.com/levelblue-5324744e/Q_BhWHm3qHRMbGha/images/usm-anywhere/servicenow-labels-view.webp?fit=max&auto=format&n=Q_BhWHm3qHRMbGha&q=85&s=a23fd2a9a20bd192bb43d43be003f448" alt="" width="979" height="377" data-path="images/usm-anywhere/servicenow-labels-view.webp" />
   </Frame>
