IBM Security QRadar

 View Only
  • 1.  Creation of SNOW incident for every SOAR incident

    Posted Mon February 26, 2024 12:24 PM

    Hi Everyone, 

    We are working to integrate ServiceNow with IBM SOAR and we have installed & configured function for servicenow app from IBM appexchange. 

    Also, configuration has been completed on servicenow end. Now we are able to create Servicenow incident manually using playbook which is out of the box installation for function of service now App. However requirement is we need to create Servicenow incident automatically whenever any case is escalated in SOAR. 

    We have created one playbook as incident type and set automatic using the same function which we are using in manual playbook. 

    Also this playbook is running on each and every incident but getting failed during execution below is the error which we are facing, could you please help us to identify the issue or fix the same?


    Traceback (most recent call last):
      File "/opt/app-root/lib64/python3.9/site-packages/fn_service_now/components/fn_snow_lookup_sysid.py", line 53, in _fn_snow_lookup_sysid_function
        validate_fields(["sn_query_field", "sn_table_name", "sn_query_value"], kwargs)
      File "/opt/app-root/lib64/python3.9/site-packages/resilient_lib/components/resilient_common.py", line 271, in validate_fields
        raise ValueError(mandatory_err_msg.format(field))
    ValueError: 'sn_query_field' is mandatory and is not set. You must set this value to run this function

    we have set sn_query_value and sn_query_field as optional but same output.

     



    ------------------------------
    Rajbir Singh
    ------------------------------



  • 2.  RE: Creation of SNOW incident for every SOAR incident

    Posted Mon February 26, 2024 02:46 PM

    Hello Rajbir, 

    As per the App Exchnage website below:

    https://exchange.xforce.ibmcloud.com/hub/extension/60d9d260cdbc40047309fc6132a57035

    This app is supported by the QRadar SOAR Support team and therefore I would suggest posting this query to their forum:

    https://community.ibm.com/community/user/security/communities/community-home?CommunityKey=d2f71e8c-108e-4652-b59c-29d61af7163e

    Regards,



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------