Dear Team, 

We are trying "ServiceNow Functions for IBM SOAR" app to integrate SOAR and Servicenow. this is downloaded from the link 

IBM Security App Exchange - ServiceNow Functions for IBM SOAR

Ibmcloud		remove preview
IBM Security App Exchange - ServiceNow Functions for IBM SOAR IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers View this on Ibmcloud >

We are able to create an incident record successfully with the help of function

"SNOW: Create Record". Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

 inputs.sn_optional_fields = dumps({"short_description": f"RES-{incident.id,}: {incident.name}", "priority": sn_severity_map[incident.severity_code], "assignment_group": playbook.functions.results.assignment_group.get("sys_id"), "caller_id": playbook.functions.results.caller_id.get("sys_id") })

Is it possible to map the Configuration Item (CI) field from SNOW to SOAR?

Please suggest how?

Thanks.

Hi Vikram - I'm glad that you have things working!

What you've shared here is for customizing the data when sent from SOAR to SNOW (i.e. through the playbook). And we provide that as a very easy and customizable feature for you to implement custom field mapping when a case in SOAR is escalated to SNOW.

However, when moving the other direction (i.e. escalating a case from SNOW to SOAR), you have to modify the logic in the ServiceNow instance. You can see details on that in our SNOW customization docs (please note the updated location of this documentation and please do let me know if you have troubles accessing).

This does get relatively complex relatively quickly, however, I hope that the example provided at that link will walk you through it as much as possible and get you on your way.

Please do let me know if you have any questions.

Thanks!

Dear Team, 

We are trying "ServiceNow Functions for IBM SOAR" app to integrate SOAR and Servicenow. this is downloaded from the link 

IBM Security App Exchange - ServiceNow Functions for IBM SOAR

Ibmcloud		remove preview
IBM Security App Exchange - ServiceNow Functions for IBM SOAR IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers View this on Ibmcloud >

We are able to create an incident record successfully with the help of function

"SNOW: Create Record". Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

 inputs.sn_optional_fields = dumps({"short_description": f"RES-{incident.id,}: {incident.name}", "priority": sn_severity_map[incident.severity_code], "assignment_group": playbook.functions.results.assignment_group.get("sys_id"), "caller_id": playbook.functions.results.caller_id.get("sys_id") })

Is it possible to map the Configuration Item (CI) field from SNOW to SOAR?

Please suggest how?

Thanks.

thanks for the reply BO, please refer attached file.

We are using function create record from the SNOW app and we could map short_description, priority, category, caller_id and assignment group.

Similar way we need a mapping how can we map the cmdb_ci field which indicates to the configuration item field in SNOW to the create record function from the SNOW app

Hi Vikram - I'm glad that you have things working!

What you've shared here is for customizing the data when sent from SOAR to SNOW (i.e. through the playbook). And we provide that as a very easy and customizable feature for you to implement custom field mapping when a case in SOAR is escalated to SNOW.

However, when moving the other direction (i.e. escalating a case from SNOW to SOAR), you have to modify the logic in the ServiceNow instance. You can see details on that in our SNOW customization docs (please note the updated location of this documentation and please do let me know if you have troubles accessing).

This does get relatively complex relatively quickly, however, I hope that the example provided at that link will walk you through it as much as possible and get you on your way.

Please do let me know if you have any questions.

Thanks!

Dear Team, 

We are trying "ServiceNow Functions for IBM SOAR" app to integrate SOAR and Servicenow. this is downloaded from the link 

IBM Security App Exchange - ServiceNow Functions for IBM SOAR

Ibmcloud		remove preview
IBM Security App Exchange - ServiceNow Functions for IBM SOAR IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers View this on Ibmcloud >

We are able to create an incident record successfully with the help of function

"SNOW: Create Record". Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

 inputs.sn_optional_fields = dumps({"short_description": f"RES-{incident.id,}: {incident.name}", "priority": sn_severity_map[incident.severity_code], "assignment_group": playbook.functions.results.assignment_group.get("sys_id"), "caller_id": playbook.functions.results.caller_id.get("sys_id") })

Is it possible to map the Configuration Item (CI) field from SNOW to SOAR?

Please suggest how?

Thanks.

Hi Vikram - ok I think I understand your question, but correct me if I am wrong. You are trying to send a value that you have in SOAR to a field in ServiceNow, right?

Can you please be more specific with exactly what you want to do? What is the API name of the field in SOAR? What field do you want to match that to in ServiceNow?

thanks for the reply BO, please refer attached file.

We are using function create record from the SNOW app and we could map short_description, priority, category, caller_id and assignment group.

Similar way we need a mapping how can we map the cmdb_ci field which indicates to the configuration item field in SNOW to the create record function from the SNOW app

Hi Vikram - I'm glad that you have things working!

What you've shared here is for customizing the data when sent from SOAR to SNOW (i.e. through the playbook). And we provide that as a very easy and customizable feature for you to implement custom field mapping when a case in SOAR is escalated to SNOW.

However, when moving the other direction (i.e. escalating a case from SNOW to SOAR), you have to modify the logic in the ServiceNow instance. You can see details on that in our SNOW customization docs (please note the updated location of this documentation and please do let me know if you have troubles accessing).

This does get relatively complex relatively quickly, however, I hope that the example provided at that link will walk you through it as much as possible and get you on your way.

Please do let me know if you have any questions.

Thanks!

Dear Team, 

We are trying "ServiceNow Functions for IBM SOAR" app to integrate SOAR and Servicenow. this is downloaded from the link 

IBM Security App Exchange - ServiceNow Functions for IBM SOAR

Ibmcloud		remove preview
IBM Security App Exchange - ServiceNow Functions for IBM SOAR IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers View this on Ibmcloud >

We are able to create an incident record successfully with the help of function

"SNOW: Create Record". Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

 inputs.sn_optional_fields = dumps({"short_description": f"RES-{incident.id,}: {incident.name}", "priority": sn_severity_map[incident.severity_code], "assignment_group": playbook.functions.results.assignment_group.get("sys_id"), "caller_id": playbook.functions.results.caller_id.get("sys_id") })

Is it possible to map the Configuration Item (CI) field from SNOW to SOAR?

Please suggest how?

Thanks.

Dear Bo, the field is not present in SOAR by default. It is present in SOAR by default.

In SOAR there is a CMDB that saves all the CI names and tickets are raised adding which CI is affected for the ticket.

We are trying to find a way to sync these 2 parameters together i.e add a new field in SOAR with the name CI_Field. and this CI_Field is mapped with an entry in CMDB in SNOW.

Hi Vikram - ok I think I understand your question, but correct me if I am wrong. You are trying to send a value that you have in SOAR to a field in ServiceNow, right?

Can you please be more specific with exactly what you want to do? What is the API name of the field in SOAR? What field do you want to match that to in ServiceNow?

thanks for the reply BO, please refer attached file.

We are using function create record from the SNOW app and we could map short_description, priority, category, caller_id and assignment group.

Similar way we need a mapping how can we map the cmdb_ci field which indicates to the configuration item field in SNOW to the create record function from the SNOW app

Hi Vikram - I'm glad that you have things working!

What you've shared here is for customizing the data when sent from SOAR to SNOW (i.e. through the playbook). And we provide that as a very easy and customizable feature for you to implement custom field mapping when a case in SOAR is escalated to SNOW.

However, when moving the other direction (i.e. escalating a case from SNOW to SOAR), you have to modify the logic in the ServiceNow instance. You can see details on that in our SNOW customization docs (please note the updated location of this documentation and please do let me know if you have troubles accessing).

This does get relatively complex relatively quickly, however, I hope that the example provided at that link will walk you through it as much as possible and get you on your way.

Please do let me know if you have any questions.

Thanks!

Dear Team, 

We are trying "ServiceNow Functions for IBM SOAR" app to integrate SOAR and Servicenow. this is downloaded from the link 

IBM Security App Exchange - ServiceNow Functions for IBM SOAR

Ibmcloud		remove preview
IBM Security App Exchange - ServiceNow Functions for IBM SOAR IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers View this on Ibmcloud >

We are able to create an incident record successfully with the help of function

"SNOW: Create Record". Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

 inputs.sn_optional_fields = dumps({"short_description": f"RES-{incident.id,}: {incident.name}", "priority": sn_severity_map[incident.severity_code], "assignment_group": playbook.functions.results.assignment_group.get("sys_id"), "caller_id": playbook.functions.results.caller_id.get("sys_id") })

Is it possible to map the Configuration Item (CI) field from SNOW to SOAR?

Please suggest how?

Thanks.

Hi Vikram -

Is this related to the other question posed in the community here? https://community.ibm.com/community/user/security/discussion/snow-integration-configuration-item-field-update?ReturnUrl=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3dd2f71e8c-108e-4652-b59c-29d61af7163e%26tab%3ddigestviewer

See my answer there.

More to your question, I don't know what a "CMDB" is. If that is a custom database in ServiceNow, know that we only support the incident and sn_si_incident tables in ServiceNow.

Dear Bo, the field is not present in SOAR by default. It is present in SOAR by default.

In SOAR there is a CMDB that saves all the CI names and tickets are raised adding which CI is affected for the ticket.

We are trying to find a way to sync these 2 parameters together i.e add a new field in SOAR with the name CI_Field. and this CI_Field is mapped with an entry in CMDB in SNOW.

Hi Vikram - ok I think I understand your question, but correct me if I am wrong. You are trying to send a value that you have in SOAR to a field in ServiceNow, right?

Can you please be more specific with exactly what you want to do? What is the API name of the field in SOAR? What field do you want to match that to in ServiceNow?

thanks for the reply BO, please refer attached file.

We are using function create record from the SNOW app and we could map short_description, priority, category, caller_id and assignment group.

Similar way we need a mapping how can we map the cmdb_ci field which indicates to the configuration item field in SNOW to the create record function from the SNOW app

Hi Vikram - I'm glad that you have things working!

What you've shared here is for customizing the data when sent from SOAR to SNOW (i.e. through the playbook). And we provide that as a very easy and customizable feature for you to implement custom field mapping when a case in SOAR is escalated to SNOW.

However, when moving the other direction (i.e. escalating a case from SNOW to SOAR), you have to modify the logic in the ServiceNow instance. You can see details on that in our SNOW customization docs (please note the updated location of this documentation and please do let me know if you have troubles accessing).

This does get relatively complex relatively quickly, however, I hope that the example provided at that link will walk you through it as much as possible and get you on your way.

Please do let me know if you have any questions.

Thanks!

Dear Team, 

We are trying "ServiceNow Functions for IBM SOAR" app to integrate SOAR and Servicenow. this is downloaded from the link 

IBM Security App Exchange - ServiceNow Functions for IBM SOAR

Ibmcloud		remove preview
IBM Security App Exchange - ServiceNow Functions for IBM SOAR IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers View this on Ibmcloud >

We are able to create an incident record successfully with the help of function

"SNOW: Create Record". Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

 inputs.sn_optional_fields = dumps({"short_description": f"RES-{incident.id,}: {incident.name}", "priority": sn_severity_map[incident.severity_code], "assignment_group": playbook.functions.results.assignment_group.get("sys_id"), "caller_id": playbook.functions.results.caller_id.get("sys_id") })

Is it possible to map the Configuration Item (CI) field from SNOW to SOAR?

Please suggest how?

Thanks.