IBM Security QRadar SOAR

 View Only

  • 1.  SNOW Integration: SNOW application create record from Resilient

    Posted Mon April 26, 2021 09:12 AM
    Hi All,

    I currently using the ServiceNow application in Resilient, but I'm having trouble when using the "Create Record" OOB function, Basically what I'm doing is to add more fields on the "optional_fields" in the function input and I was able to create ticket to ServiceNow. What my troubles is that when I added other fields it is not reflected on the snow ticket and only notes and short_description is being passed to the app ticket. I'm currently having blockers since i need to pass more values within the ticket and hopefully someone here can help me out.

    Thanks,

    ------------------------------
    Lionell Libarios
    ------------------------------


  • 2.  RE: SNOW Integration: SNOW application create record from Resilient

    IBM Champion
    Posted Tue April 27, 2021 09:27 AM
    Edited by System Thu November 11, 2021 11:15 AM
    Hi Lionell,

    Would you mind giving an example of what you're sending as the value for the "optional_fields" input to the function? The logs from the function's integration/app around the time you make the request could be helpful too. It may also be helpful to change the log level to DEBUG in the 'app.config' file on the integration server / app that you're using to run the integration.

    ------------------------------
    Liam Mahoney
    ------------------------------

    Original Message


  • 3.  RE: SNOW Integration: SNOW application create record from Resilient

    Posted Tue April 27, 2021 04:02 PM
    Hi @Liam Mahoney,

    Please see below JSON values I'm passing to the SNOW: Create Record function.

    json_fields = {
  "short_description": u"RES-{0}: {1}".format(incident.id, unicode(incident.name)),
  "impact": 4,
  "contact_type": u"Event",
  "cmdb_ci": u"Application Service"
}

inputs.sn_optional_fields = dict_to_json_str(json_fields)​


    Unfortunately, the impact, contact_type and cmdb_ci were not reflecting to the ticket created. 

    Thanks,

    ------------------------------
    Lionell Libarios
    ------------------------------

    Original Message


  • 4.  RE: SNOW Integration: SNOW application create record from Resilient

    Posted Tue April 27, 2021 09:33 AM
    Hi Lionell,

    Links for our documentation is currently down at http://ibm.biz/res-snow-docs

    It redirects currently to https://github.com/ibmresilient/resilient-community-apps/blob/master/fn_service_now/README.md

    And the customization guide for the Resilient side of the App is at https://github.com/ibmresilient/resilient-community-apps/tree/master/fn_service_now/docs/customize_resilient_guide

    Hopefully these can help resolve your issue

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Resilient
    ------------------------------

    Original Message


  • 5.  RE: SNOW Integration: SNOW application create record from Resilient

    Posted Tue April 27, 2021 03:57 PM
    Edited by Lionell Libarios Tue April 27, 2021 04:02 PM
    Hi @Shane Curtin,

    Appreciate your reply with the docs, I have reviewed all the possible docs from the links provided but can't find the one that causing me trouble. pasted below the sample script when passing the values to snow ticket using the SNOW: Create Record function.

     
    json_fields = {
  "short_description": u"RES-{0}: {1}".format(incident.id, unicode(incident.name)),
  "impact": 4,
  "contact_type": u"Event",
  "cmdb_ci": u"Application Service"
}

inputs.sn_optional_fields = dict_to_json_str(json_fields)


    The field values I'm passing is also based on the current ServiceNow data but the impact, contact_type and cmdb_ci were not reflecting on the ticket when created.

    Thanks,


    ------------------------------
    Lionell Libarios
    ------------------------------

    Original Message


  • 6.  RE: SNOW Integration: SNOW application create record from Resilient

    Posted Wed April 28, 2021 02:14 AM
    Hello Lionell,

    Please try using the Impact Field value as "4-Low".

    Regards,
    Anu.

    ------------------------------
    Anu CN
    ------------------------------

    Original Message


  • 7.  RE: SNOW Integration: SNOW application create record from Resilient

    Posted Wed April 28, 2021 06:08 AM
    Hi Lionell,

    I think this may be an issue with the field mapping

    As the docs state (although specific for close_codes): https://github.com/ibmresilient/resilient-community-apps/tree/master/fn_service_now/docs/customize_resilient_guide#snow-close-record


    So what you want to do is in ServiceNow go to System Definition > Dictionary and filter by Column Name:

    What you want in your optional_fields is the "Value" of the field in ServiceNow - these vary on your ServiceNow configuration

    I am assuming it just has to be lowercase event for contact_type and for cmdb_ci, it could be an integer, but you will have to look it up like above

    Hope this helps

    Shane

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Resilient
    ------------------------------

    Original Message