Focus

Prisma SD-WAN

Configure ServiceNow

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Prisma SASE

Configure ServiceNow CloudBlade in Prisma SD-WAN

Create and Resolve Incidents on ServiceNow

Configure ServiceNow

Go through the following sections which provide information about the Prisma SD-WAN ServiceNow CloudBlade configuration infrastructure, Event queries, and how to convert events to ServiceNow constructs.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN (Managed by `Strata Cloud Manager`)	Prisma SD-WAN ServiceNow CloudBlade

The following sections provide information about the Prisma SD-WAN ServiceNow CloudBlade configuration:

ServiceNow CloudBlade Infrastructure

Once the CloudBlade configuration parameters are set up and the CloudBlade is installed, the CloudBlade infrastructure will perform the following tasks:

Extract configuration parameters received from the CloudBlade
Query for events based on the event codes provided
Create or resolve existing tickets
Wait until poll_interval for next iteration

Query for Events

Once the ServiceNow configuration is extracted, the CloudBlade queries for events using the following API query:

events_query_payload = {
    "limit": 
       {
            "count": 100,
            "sort_on": "time", 
           "sort_order": "descending" 
       },
    "query": { 
       "code": event_codes
    }, 
   "severity": [],
    "start_time":start_time}

Here, the event_codes is a list of event codes configured on the UI. Once the events are retrieved, they are mapped against an internal database to check if a ticket is already created in ServiceNow. If the event is cleared and a ticket exists, the ticket is set to Resolved in ServiceNow. If the ticket does not exist on ServiceNow, the event is ignored. If the clear is set to False, a new ticket is created in ServiceNow.

Convert Prisma SD-WAN Events to ServiceNow Constructs

Before a ticket is created on ServiceNow, the Prisma SD-WAN event JSON is converted to a data structure understood by the ServiceNow instance. This mapping is dependent on the parameters configured on the CloudBlade. For example, the CloudBlade configuration below is translated in the following manner:

Prisma SD-WAN Event Attributes	ServiceNow Construct
code	u_code
correlation_id	u_correlation_id
severity	u_urgency
id	u_event_id
time	u_time
site_id	u_site
element_id	u_element
entity_ref	u_entity_ref
info	u_info
acknowledged	u_acknowledged
cleared	u_cleared
type	u_type
severity	impact

The following Prisma SD-WAN attributes are translated before converting to the ServiceNow construct:

Entity_Ref

The IDs in the entity_ref are translated to their respective names and a meaningful string is generated that provides the user information about the entity of the alarm

For example, the entity_ref below:

tenants/1083/sites/15282991838450011/elements/15230097588400085/interfaces/15230098062640233"

is translated to the string:

Site: Portland Office
Element: Portland3K-A
Interface: internet1

The ServiceNow CloudBlade does a topology mapping once a week. If new VPN links are created since the last topology mapping, then it may result in certain VPN link IDs not being translated to names.

Info

Similar to entity_ref, the IDs in the info are also translated to their respective names.

Site ID

If a site_id exists in the Prisma SD-WAN event, it is translated to its name before populating the ServiceNow construct with the value.

Element ID

If an element_id exists in the Prisma SD-WAN event, it is also translated to its name before populating the ServiceNow construct with the value.

Severity

In the above example, the Prisma SD-WAN severity is directly mapped to u_urgency. However, this field is also mapped to another attribute named impact. The following translation takes place before the ServiceNow construct is populated.

Prisma SD-WAN Severity	ServiceNow Impact
critical	1 - High
major	2 - Medium
minor	3 - Low

The impact value may change depending on the tags configured at the site and/or element level. More about this feature is discussed in length under the section CloudBlade Advanced Configurations.

Along with the attributes above, the CloudBlade also populates the tenant name in an attribute called company.

Configure ServiceNow CloudBlade in Prisma SD-WAN

Create and Resolve Incidents on ServiceNow

Prisma SD-WAN Docs

Configure ServiceNow

Prisma SD-WAN Docs

Configure ServiceNow

ServiceNow CloudBlade Infrastructure

Query for Events

Convert Prisma SD-WAN Events to ServiceNow Constructs

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources