ServiceNow Integration Guide

ServiceNow is a powerful platform-as-a-service, which offers advanced automation and process workflow for the enterprise environment. Integrate AlertOps’ alert management platform with ServiceNow to receive and respond to critical alerts through email, SMS, push notification, and phone alerts. AlertOps ensures that alerts received from ServiceNow always reach the correct, available team member by utilizing escalation policies and on-call schedules.

AlertOps Configuration

  1. From the main menu, click on Integrations and then select Inbound Integrations from the sub menu.
  2. Select API tab
  3. Select the 'ADD API INTEGRATION' button.
  4. You should now be on the API Integration Detail page. Select ServiceNow from the pre-built Integration Templates.
  5. Enter a name for the integration. Select an escalation rule to determine the integration's escalation policy. And, enter the names of recipient group(s) and recipient user(s). Click 'SAVE.' Then, click 'COPY URL' to copy the URL endpoint to be used in the Service Now configuration.

ServiceNow Configuration

The ServiceNow configuration requires a REST message and a Business Rule.  The REST message defines the output to AlertOps, and the Business Rule sets the trigger to use the REST message to create/close an alert.

Step 1: Create a new REST message.

From the navigation menu, expand System Web Services, from the Outbound submenu, select REST Message.  In the main pane choose New.  Give the REST message a name and description (make a note of the name, you will use it for the Business Rule).  Then paste the URL from the AlertOps Integration into the Endpoint field.  Click Submit.

Step 2: Create POST method.

While still on the REST message page, scroll down to HTTP Methods and click New.  Give the new Method a name (make a note of this name as well, you will need it for the Business Rule).  Set the HTTP method to POST.  Enter the Integration URL into the Endpoint field.  

Step 3: Enter Content

Enter the following data into the Content field:
{
"sys_class_name":"${sys_class_name}",
"category":"${category}",
"sys_id":"${sys_id}",
"incident_state":"${incident_state}",
"severity":"${severity}",
"short_description":"${short_description}",
"number":"${number}"
}

Step 4: Add variable substitutions and test.

By adding variable substitutions, you will define a test payload to ensure that the REST message can create an alert.  Scroll to the bottom of the HTTP method and click New to enter a substitution.

Variable Substitutions:

NAME: category TESTVALUE: software
incident_state of 1 will open an alertincident_state of 7 will close an alert
NAME: incident_state TESTVALUE: 1
NAME: number TESTVALUE: INC0010022
NAME: severity TESTVALUE: 3
NAME: short_description TESTVALUE: software update
NAME: sys_class_name TESTVALUE: incident

When all of the substitutions have been entered, click the Test link above the Variables to send a POST to AlertOps to create an alert.  Verify the alert has been created, then change the incident_state variable to 7 and click Test again.  The alert should now be closed.

Step 5: Create a Business Rule to automatically trigger the incidents on Status New and Closed

Navigate to System Definition > Business Rules, and click New.  Enter a name for the rule, choose Incident for the Table, select Active and Advanced.  For When to Run, choose after in the When drop down, select Insert and Update.  Add Filter Conditions for Incident State is New or Incident state is Closed.  Click Update.

Step 6: Enter the code

Select the Advanced tab and enter the following data into the Script field.  

(function executeRule(current, previous /*null when async*/) {

try {
        var r = new sn_ws.RESTMessageV2('AlertOps','post');
        r.setStringParameter('severity', current.severity);
        r.setStringParameter('category', current.category);
        r.setStringParameter('sys_class_name', current.sys_class_name);
        r.setStringParameter('short_description', current.short_description);
        r.setStringParameter('incident_state', current.incident_state);
        r.setStringParameter('sys_id', current.sys_id);
        r.setStringParameter('number', current.number);
        var response = r.execute();
        var responseBody = response.getBody();
        var httpStatus = response.getStatusCode();
    } catch (ex) {
        var message = ex.getMessage();
    }
}

)(current, previous);

NOTE: In the following line from the above data, the REST Message name and method in the parenthesis must match the previously configured elements:

var r = new sn_ws.RESTMessageV2('AlertOps','post');

Step 7: Go to Incident > Create New. 

Step 8: Resolve and Close the incident. 

Alert Triggering Information

AlertOps will automatically create an incident when a new alert is received from Service Now with an IncidentStatus status of “1.”

If an alert with status “1” matches an existing Open Alert, AlertOps will recognize the new alert as a duplicate and ignore the alert. The alert will be recorded in the Inbound Messages table as “Mapped Appended.”

AlertOps will automatically close the same incident when an alert with an IncidentStatus status “7” is received.

Testing and Troubleshooting

Click here to read about Web API Testing and Troubleshooting. 

Did this answer your question?