IBM Security QRadar SOAR

Hi Everyone, 

We are working to integrate ServiceNow with IBM SOAR and we have installed & configured function for servicenow app from IBM appexchange. 

Also, configuration has been completed on servicenow end. Now we are able to create Servicenow incident manually using playbook which is out of the box installation for function of service now App. However requirement is we need to create Servicenow incident automatically whenever any case is escalated in SOAR. 

We have created one playbook as incident type and set automatic using the same function which we are using in manual playbook. 

Also this playbook is running on each and every incident but getting failed during execution below is the error which we are facing, could you please help us to identify the issue or fix the same?

Traceback (most recent call last):
  File "/opt/app-root/lib64/python3.9/site-packages/fn_service_now/components/fn_snow_lookup_sysid.py", line 53, in _fn_snow_lookup_sysid_function
    validate_fields(["sn_query_field", "sn_table_name", "sn_query_value"], kwargs)
  File "/opt/app-root/lib64/python3.9/site-packages/resilient_lib/components/resilient_common.py", line 271, in validate_fields
    raise ValueError(mandatory_err_msg.format(field))
ValueError: 'sn_query_field' is mandatory and is not set. You must set this value to run this function

we have set sn_query_value and sn_query_field as optional but same output.

Hi, We have observed earlier this was achieved using rule which were part of function of soar application installation, however in newer version all rules has been removed and only functions and playbooks exist which are set to run manual, most of them. 

Hi Everyone, 

We are working to integrate ServiceNow with IBM SOAR and we have installed & configured function for servicenow app from IBM appexchange. 

Also, configuration has been completed on servicenow end. Now we are able to create Servicenow incident manually using playbook which is out of the box installation for function of service now App. However requirement is we need to create Servicenow incident automatically whenever any case is escalated in SOAR. 

We have created one playbook as incident type and set automatic using the same function which we are using in manual playbook. 

Also this playbook is running on each and every incident but getting failed during execution below is the error which we are facing, could you please help us to identify the issue or fix the same?

Traceback (most recent call last):
  File "/opt/app-root/lib64/python3.9/site-packages/fn_service_now/components/fn_snow_lookup_sysid.py", line 53, in _fn_snow_lookup_sysid_function
    validate_fields(["sn_query_field", "sn_table_name", "sn_query_value"], kwargs)
  File "/opt/app-root/lib64/python3.9/site-packages/resilient_lib/components/resilient_common.py", line 271, in validate_fields
    raise ValueError(mandatory_err_msg.format(field))
ValueError: 'sn_query_field' is mandatory and is not set. You must set this value to run this function

we have set sn_query_value and sn_query_field as optional but same output.