OpenText Webroot Unity - ServiceNow Integration and Automation

Integrate the OpenText Webroot Unity (Security / Identity Access Management) and ServiceNow (Case Management) apps with any of the apps from the library in just a few clicks. Create automated workflows by integrating your apps.

Common Integration Use Cases Between OpenText Webroot Unity and ServiceNow

OpenText Webroot Unity and ServiceNow complement each other well in enterprise security operations. Webroot Unity provides endpoint threat detection, malware prevention, and centralized security control, while ServiceNow serves as the workflow and service management layer for incident handling, request fulfillment, asset tracking, and cross-team coordination. Integrating the two platforms helps security teams move faster, improve visibility, and standardize response processes.

1. Automated Security Incident Creation from Endpoint Threat Alerts

Data flow: OpenText Webroot Unity to ServiceNow

When Webroot detects malware, phishing activity, ransomware behavior, or suspicious endpoint activity, it can automatically create a security incident in ServiceNow. The incident can include device details, user identity, threat type, severity, detection time, and remediation status.

  • Reduces manual ticket creation by the security team
  • Ensures high-priority threats are tracked in a formal workflow
  • Improves response times and auditability

2. Enrichment of ServiceNow Incidents with Endpoint Security Context

Data flow: OpenText Webroot Unity to ServiceNow

ServiceNow incidents raised by the service desk can be enriched with Webroot endpoint protection data, such as last scan results, active threats, device risk score, and quarantine history. This gives support analysts immediate context before they begin troubleshooting.

  • Speeds up triage and root cause analysis
  • Helps service desk teams distinguish security issues from general IT issues
  • Improves first-contact resolution for endpoint-related cases

3. Automated Containment and Remediation Workflow for High-Risk Devices

Data flow: Bi-directional

When Webroot identifies a severe threat, it can trigger a ServiceNow workflow that routes the case to security operations, IT support, or endpoint management teams. ServiceNow can then coordinate remediation tasks such as user notification, device isolation approval, reimaging requests, or follow-up validation.

  • Creates a structured response process for critical endpoint events
  • Coordinates actions across security, service desk, and desktop support teams
  • Supports consistent handling of ransomware and active malware cases

4. Security Event to Major Incident Escalation

Data flow: OpenText Webroot Unity to ServiceNow

If Webroot detects repeated infections, widespread phishing compromise, or multiple endpoints affected by the same threat, ServiceNow can automatically escalate the situation into a major incident or security event. This allows leadership and response teams to be notified quickly and work from a single operational record.

  • Improves enterprise response to widespread security events
  • Supports executive visibility and incident governance
  • Helps organizations meet internal escalation thresholds

5. Endpoint Protection Status Updates in ServiceNow Asset or CMDB Records

Data flow: OpenText Webroot Unity to ServiceNow

Webroot can feed endpoint protection status into ServiceNow configuration item or asset records, showing whether a device is protected, out of date, quarantined, or at risk. This gives IT and security teams a more complete view of device posture across the environment.

  • Improves asset and configuration data accuracy
  • Supports compliance reporting and endpoint governance
  • Helps identify unmanaged or noncompliant devices faster

6. ServiceNow Request Fulfillment for Security Exceptions or Access Actions

Data flow: ServiceNow to OpenText Webroot Unity

ServiceNow can be used to manage requests related to endpoint security, such as temporary exclusions, policy exceptions, or device remediation approvals. Once approved, the request can trigger a corresponding action or policy update in Webroot.

  • Creates a controlled approval process for security exceptions
  • Reduces ad hoc changes handled outside governance
  • Provides an auditable record of who approved what and when

7. Security Operations Reporting and SLA Tracking

Data flow: Bi-directional

Webroot detection data and remediation outcomes can be sent to ServiceNow for reporting on incident volume, response time, containment time, and resolution status. This helps security and IT leaders measure operational performance and identify recurring endpoint threats.

  • Supports SLA and KPI reporting for security operations
  • Highlights recurring threat patterns and response bottlenecks
  • Improves planning for staffing and process optimization

Overall, integrating OpenText Webroot Unity with ServiceNow helps organizations connect endpoint threat detection with enterprise workflow management. The result is faster incident response, better cross-team coordination, stronger compliance, and more accurate operational reporting.

How to integrate and automate OpenText Webroot Unity with ServiceNow using OneTeg?