IBM Security QRadar SOAR

Hi Team,

We have setup SOAR-SNOW Integration using the package "ServiceNow Functions for IBM SOAR":
https://exchange.xforce.ibmcloud.com/hub/extension/60d9d260cdbc40047309fc6132a57035

We are able to create SIR record successfully with the help of function "SNOW: Create Record".

Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

inputs.sn_optional_fields = dumps({
"short_description": f"RES-{incident.id,}: {incident.name}",
"priority": sn_severity_map[incident.severity_code],
"assignment_group": playbook.functions.results.assignment_group.get("sys_id"),
"caller_id": playbook.functions.results.caller_id.get("sys_id")
})

Thanks in advance.

Hi Arpit -

Yes, you can update any field in ServiceNow through the sn_optional_fields input option to the function "SNOW: Create Record".

You'll need to find the API name of "Configuration Item" in ServiceNow and then add that in to the dictionary that you pasted in your question above.

------------------------------
Bo Bleckel

Original Message:
Sent: Fri March 15, 2024 07:15 AM
From: Arpit Nama
Subject: SNOW Integration - Configuration Item Field Update

Hi Team,

We have setup SOAR-SNOW Integration using the package "ServiceNow Functions for IBM SOAR":
https://exchange.xforce.ibmcloud.com/hub/extension/60d9d260cdbc40047309fc6132a57035

We are able to create SIR record successfully with the help of function "SNOW: Create Record".

Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

inputs.sn_optional_fields = dumps({
"short_description": f"RES-{incident.id,}: {incident.name}",
"priority": sn_severity_map[incident.severity_code],
"assignment_group": playbook.functions.results.assignment_group.get("sys_id"),
"caller_id": playbook.functions.results.caller_id.get("sys_id")
})

Thanks in advance.

------------------------------
Arpit Nama
------------------------------

Yes, this is the expectation and tried below combinations but no luck.

option 1: "cmdb_ci": "Hostname",

option 2: "cmdb_ci": "sys id of hostname",

Could you please guide further?

------------------------------
Arpit Nama

Original Message:
Sent: Thu March 21, 2024 08:36 AM
From: Bo Bleckel
Subject: SNOW Integration - Configuration Item Field Update

Hi Arpit -

Yes, you can update any field in ServiceNow through the sn_optional_fields input option to the function "SNOW: Create Record".

You'll need to find the API name of "Configuration Item" in ServiceNow and then add that in to the dictionary that you pasted in your question above.

------------------------------
Bo Bleckel

Original Message:
Sent: Fri March 15, 2024 07:15 AM
From: Arpit Nama
Subject: SNOW Integration - Configuration Item Field Update

Hi Team,

We have setup SOAR-SNOW Integration using the package "ServiceNow Functions for IBM SOAR":
https://exchange.xforce.ibmcloud.com/hub/extension/60d9d260cdbc40047309fc6132a57035

We are able to create SIR record successfully with the help of function "SNOW: Create Record".

Can we utilize below optional fields code to update "Configuration Item" field of SNOW record. If yes, please guide.

inputs.sn_optional_fields = dumps({
"short_description": f"RES-{incident.id,}: {incident.name}",
"priority": sn_severity_map[incident.severity_code],
"assignment_group": playbook.functions.results.assignment_group.get("sys_id"),
"caller_id": playbook.functions.results.caller_id.get("sys_id")
})

Thanks in advance.

------------------------------
Arpit Nama
------------------------------