Create ServiceNow tickets with enriched data based on SevOne alert

Thu August 10, 2023 05:58 AM

This workflow automates the creation of a ServiceNow ticket in response to an alert from SevOne. When SevOne generates an alert, it sends a Webhook API call to the Workflow engine; the API POST carries the description and other relevant information from the alert, and its arrival starts the workflow. The Workflow engine parses the alert description from the POST and sends an API call to the network device for which the alert was generated, gathering additional data on the status of the system/module that has been affected. The result is included in the “Description” field of the ServiceNow ticket, so the ticket is opened with the information from the SevOne alert along with the real-time information gathered from the affected device at the time the alert was generated.
List of requirements:
  • Automated Observability Version: 2022.8 or later
  • SevOne Version: 6.3.0 or newer
Environment Required:
Cisco Router:  needed for monitoring and generating alerts
  • SSH Username / Password
  • Setup the environment to trigger an error condition resulting in a SevOne alert
SevOne NMS:  needed for SevOne API access
  • SevOne Username / Password
  • Mgmt IP of SevOne collector
ServiceNow: needed to open an Incident
  • ServiceNow instance userID/Password
  • ServiceNow URL
  • The IP address of Network device
  • Fields required to open a ServiceNow Incident
  • ServiceNow credentials
SevOne: Generates a monitoring Alert
SevOne: Launches a WebHook API call with information from the Alert
Workflow: Parse the “Short Description” field to get the type of Alert. If the field is not known, add a “generic description” to the ServiceNow incident; in that case additional data cannot be obtained, since the root cause system is not known.
Workflow: Parse the “Short Description” field to get the type of Alert that indicates the system/module that is the root cause of the alert.
Workflow: Execute API call on the system generating the alert to gather additional data on the system/module.
Workflow: Add the result of the API call to the JSON data element passed to the ServiceNow instance
Workflow: Open a new Incident in ServiceNow with the collected data
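The parse, enrich and ticket-building steps above, sketched as an added example (not the workflow shipped in the attached zip). The webhook key names, the keyword-to-command table, the managed address range and the `run_command` helper are assumptions; the point is that alert text only selects a fixed read-only command and the device address is checked before anything connects to it.

```python
import ipaddress

# Assumed mapping from keywords in the alert's Short Description to one fixed,
# read-only Cisco IOS command. Alert text is never interpolated into a command.
ALERT_COMMANDS = {
    "interface": "show interfaces",
    "cpu": "show processes cpu",
    "memory": "show memory statistics",
}
MANAGED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed allowlist
MAX_OUTPUT = 4000  # cap on device output copied into the ticket


def classify(short_description):
    """Return (alert_type, command), or (None, None) if the type is unknown."""
    text = short_description.lower()
    for keyword, command in ALERT_COMMANDS.items():
        if keyword in text:
            return keyword, command
    return None, None


def build_incident(alert, run_command):
    """Turn a webhook alert dict into a ServiceNow incident body.

    alert keys ("short_description", "description", "device_ip") are assumed.
    run_command(ip, command) -> str is a hypothetical device-access helper.
    """
    short = str(alert.get("short_description", ""))[:160]  # assumed length cap
    body = {"short_description": short,
            "description": str(alert.get("description", ""))}
    _, command = classify(short)
    if command is None:
        body["description"] += "\n\nGeneric alert: root-cause system not known, no device data collected."
        return body
    try:
        ip = ipaddress.ip_address(str(alert.get("device_ip", "")))
    except ValueError:
        ip = None
    if ip is None or not any(ip in net for net in MANAGED_NETS):
        body["description"] += "\n\nDevice address missing or not in managed range, no device data collected."
        return body
    output = run_command(str(ip), command)[:MAX_OUTPUT]
    body["description"] += f"\n\nDevice {ip} `{command}` at alert time:\n{output}"
    return body
```

The returned dictionary is what would be sent as the JSON body when the workflow opens the ServiceNow Incident.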
To Run the Workflow:  
Generate a SevOne alert which triggers the workflow.
Expected results:
A New ServiceNow Incident is opened with the SevOne alert results and the API call output to the affected System/Device.
