Add a ServiceNow Incident Webhook to an Action Group

Integrating the ServiceNow alerting service into your Netreo monitoring workflow is fairly straightforward. Simply follow the steps below to create a new action group that can alert your ServiceNow account with a custom message of your choice. This action group may then be assigned to the alarm configuration of any monitoring check.

(Netreo recommends that you create a user in your ServiceNow account specifically for Netreo use.)

Procedure

First, you'll have to complete some steps in ServiceNow.

1. Log into your account at the ServiceNow website.
2. Make sure Incoming WebHook API Events is enabled for your account.

Once you've done that, log into your Netreo deployment as an Admin or SuperAdmin.

1. Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
2. Select Add A Group.
3. In the action group configuration dialog:
   1. In the GROUP NAME field enter a name for this action group (for example, "ServiceNowAlert").
      • No spaces are allowed in action group names.
   2. In the MANUAL ALERT ACCESS LEVEL  field select a user access level for this group.
      • This allows users with the selected access level and higher to manually run this action group from within an incident.
   3. Select Add Group.
4. In the action configuration dialog:
   1. In the ACTION NAME field enter a name for this action (for example, "ServiceNow Action").
      • Spaces are allowed in action names.
   2. Select Add Action.
5. In the method configuration dialog:
   1. In the ACTION METHOD TYPE field select Webhook from the pull-down menu. (See Action Group for more information on webhooks.)
   2. In the URL field enter: <YOUR CUSTOMER NAME>.service-now.com/api/now/table/incident
   3. In the PAYLOAD field enter something similar to the code in the Payload Code section further down.
      • You can customize the payload to provide values for ServiceNow using any desired Netreo incident macros.
   4. Select Add Method.

Now select this action group in the alarm configuration of a monitoring check. When that check fails and opens an incident, ServiceNow will be alerted according to the Netreo incident state change rules.

Payload Code

Payload Example

[header]
{
"Content-Type"  : "application/json",
"Authorization" : "Basic <YOUR BASE64 ENCODED SERVICENOW USERNAME:PASSWORD>"
}
[header]
{
"category"  : "<YOUR CATEGORY>",
"company"  : "<YOUR COMPANY NAME> Netreo",
"number"  : "{INCIDENTID}",
"priority"  : "<YOUR PRIORITY>",
"severity"  : "<YOUR SEVERITY>",
"short_description" : "{SUBJ}",
"cmdb_ci"  : "{HOSTNAME}",
"u_alert_link"  : "{INCIDENT_URL}",
"description"  : "{SUBJ}\n\nHost Name: {HOSTNAME}\nHost Address: {HOSTADDRESS}\nHost State: {HOSTSTATE}\nAlert: {ALERTDESC}\nThreshold Level: {THRESHOLD}\n\nIncidentID:{INCIDENTID}\nIncident State: {APPLICATIONSTATE}{SERVICESTATE}\n\n{OUTPUT}\n\nHost Note:{HOSTNOTE}\n"
}

Recommended general settings are to set priority to 3 and severity to 2, but this will vary based on your specific response policies and implementation. If you want different alerts to go out with different priority/severity levels, you can create separate action groups to easily accomplish this.

An example payload in the method configuration dialog.

 

New Incident View Field

By communicating with ServiceNow via the webhook action group above, Netreo automatically adds a new field to the info panel of the incident's Incident View page labeled "ServiceNow Ticket."

This field will contain a hyperlink directly to the ticket created in ServiceNow by the webhook, as seen in the image below. The hyperlink will be the ID of the ServiceNow ticket. Incidents not connected to a ServiceNow ticket via an action group webhook will not contain this field in their info panel.