De-duplicate and update SevOne alerts to ServiceNow

Description: Performs a sync of SevOne NPM (non-trap/flow) Alerts to ServiceNow incidents. SevOne Alerts are deduplicated before import into ServiceNow. Alert Status and Severity are also synced. Closed alerts will be resolved in ServiceNow. Incidents related to devices deleted from SevOne will be resolved.

This flow can be scheduled as a job to keep ServiceNow Incidents updated at a regular frequency. Run with the "pretend" parameter set to true to see a preview of what actions the flow will take.

List of requirements:

• Automated Observability Version: 2022.8 or later
• Integrations required: SevOne minimum version 1.0.20, ServiceNow minimum version 1.0.15
• Authentication(s) needed: SevOne, ServiceNow
• SevOne User Role: The user must be part of the administrator's group.
• ServiceNow User Role: The user should have ITIL and ASSET roles in ServiceNow.

Setup:

• You must modify the variable SevOne_Authkey in the start block to your current SevOne authentication name.
• You must modify the variable ServiceNow_Authkey in the start block to your current ServiceNow authentication name.
• To delete or add devices, you must change the variable Dry_run to false; by default, it is set to true when first importing the workflow.

Expected results:

• Dry run boolean <either true or false>
• New alerts in SevOne will be de-duplicated and the most severe alert will be created as an incident in ServiceNow.
• Alerts that are acknowledged will result in the ServiceNow incident being closed.
• Incidents related to devices that have been removed from SevOne will be closed.