Unified tool for ServiceNow SLA and OLA lifecycle beyond view-only status checks: list, update, breach_response, pause, resume, list_breaches. Wraps contract_sla (definitions, including OLAs) and task_sla (running instances). Actions: - list — list contract_sla definitions, optionally filtered by...
AI agents use snow_sla_manage to create or update resources in Serac — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Serac environment.
While the tool includes read operations (list, list_breaches), the most severe applicable category is Write, as the tool's primary purpose involves creating and modifying SLA/OLA data and task states. These modifications are reversible (can be resumed, re-updated, or reverted), distinguishing it from Destructive.
From the tool's definition The tool performs multiple write and modification operations: 'update' patches contract_sla fields (duration, condition, schedule, active, retroactive flags), 'breach_response' appends work notes and escalations to task_sla rows, and 'pause' modifies task_sla…
Attacks that exploit this kind of access
Unified tool for ServiceNow SLA and OLA lifecycle beyond view-only status checks: list, update, breach_response, pause, resume, list_breaches. Wraps contract_sla (definitions, including OLAs) and task_sla (running instances). Actions: - list — list contract_sla definitions, optionally filtered by table or SLA type (SLA or OLA) - update — patch contract_sla fields (duration, condition, schedule, active, retroactive flags) - breach_response — append a work note and optional escalation to a task_sla row that has breached - pause — pause a running task_sla row (sets stage to paused with a reason) - resume — resume a paused task_sla row - list_breaches — list task_sla rows where has_breached=true, optionally scoped to a table or assignment_group Use when: the agent needs to maintain SLA definitions, react to breaches, or pause/resume in-flight SLAs on individual records. For creating a new contract_sla, use snow_create_sla; for a read-only status of one task. It is categorised as a Write tool in the Serac MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Serac MCP server in PolicyLayer and add a rule for snow_sla_manage: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Serac. Nothing to install.
snow_sla_manage is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the snow_sla_manage rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for snow_sla_manage. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
snow_sla_manage is provided by the Serac MCP server (serac-labs/serac). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
snow_sla_manage is one line of Serac's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →