Prisma SD-WAN
Configure ServiceNow CloudBlade in Prisma SD-WAN
Table of Contents
Configure ServiceNow CloudBlade in Prisma SD-WAN
Learn about the prerequisites and configure ServiceNow CloudBlade in Prisma
SD-WAN.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Before you configure the ServiceNow CloudBlade, your ServiceNow instance
should be configured and ready for integration. The following sections provide
information about how to configure ServiceNow CloudBlade in Prisma SD-WAN and the prerequisites that need to be considered while
configuring the CloudBlade:
PrerequisitesConsider the following key design points before you configure the
ServiceNow CloudBlade in Prisma SD-WAN:
- Build the ServiceNow Table and allocate columns to map mandatory fields such as event code, correlation ID, severity, and incident state.
- For more meaningful information in the tickets, you can create columns to store fields from the Prisma SD-WAN events such as entity_ref, info, site name, element name, type– if opting to create tickets for both alerts and alarms, cleared, acknowledged.
- For Circuit Insights, build the ServiceNow Table and allocate columns to map details about the insight, site, circuit, start time, end time and the insight data.
- ServiceNow CloudBlade communicates with the ServiceNow instance using REST based Table APIs.
- Create a user that will be used by Prisma SD-WAN to perform CRUD operations on the ServiceNow instance table using the table APIs. Make sure this user has the following privileges: web_service_admin, rest_api_explorer, or admin.
Configure the Prisma SD-WAN CloudBlade to prepare the Prisma SD-WAN controller for integration as follows:
- From the Strata Cloud Manager, navigate to tab.
![]()
In CloudBlades, locate the ServiceNow CloudBlade. If this CloudBlade does not appear, contact Palo Alto Networks Support.For Insights, look for the ServiceNow - Circuit Insights CloudBlade.On the ServiceNow CloudBlade, click Configure to configure ServiceNow parameters.Some of the ServiceNow parameters display the column name and not the label, which is typically displayed on the user interface as the column header.ServiceNow Parameters Description ServiceNow URL This field contains the URL that will be used to connect to the ServiceNow instance via the ServiceNow Table APIs. The URL must include the entire domain name and the table name. The URLfollows the following format: https://<domain name>/api/now/table/myTablewhere myTable is the name of the Table on ServiceNow where tickets will be created. ServiceNow Username Incident tickets on ServiceNow will be created using this User. Make sure that the User has the right set of privileges, especially to make changes to the table via APIs. The ServiceNow Developers document lists the following roles to be assigned to a user: Role required: web_service_admin, rest_api_explorer, or admin ServiceNow Password Password for the above user. These credentials will be used by the CloudBlade to create/edit tickets on the ServiceNow instance using the ServiceNow Table APIs. Poll Interval Poll Interval is the interval time in seconds. After you install, the CloudBlade will query the controller for any standing alarms based on the set poll interval. Retry Attempts Retry attempts indicate the number of attempts that happen when a ticket could not be created for an event. Retry attempts can be anywhere between 0 and 5. The default value is 3. Exclude Events Raised and Cleared during Poll Interval When this option is checked, the events which are created and cleared (resolved) during the poll interval will not be ticketed in ServiceNow. Event Codes These are event codes used in monitoring and which need incident tickets to be created in ServiceNow. These event codes need to match the Prisma SD-WAN event codes. You can select one or multiple event codes from the drop-down, for example: NETWORK_VPNLINK_DOWN, NETWORK_DIRECTINTERNET_DOWN,NETWORK_DIRECTPRIVATEWAN_DOWN. ServiceNow Table Column to Store: EventCode Column name on the Incident table to store Prisma SD-WAN event code. ServiceNow Table Column to Store: CorrelationID Column name on the Incident table to store Prisma SD-WAN event correlation_id. ServiceNow Table Column to Store: Severity Column name on the Incident table to store Prisma SD-WAN event severity. ServiceNow Table Column to Store: EventID This is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN Event ID. ServiceNow Table Column to Store: Time This is an optional field. This is a Column name on the Incident table to store the Prisma SD-WAN event time. ServiceNow Table Column to Store: Site_ID This is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event site_id, which is translated to its site name. ServiceNow Table Column to Store: Element_ID This is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN eventelement_id , which is translated to its device name. ServiceNow Table Column to Store: Entity_Ref This is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN evententity_ref, after a name-ID translation. ServiceNow Table Column to Store: Info This is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event info, after a name-ID translation. ServiceNow Table Column to Store: Acknowledged This is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event acknowledged attribute. ServiceNow Table Column to Store: Cleared This is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event cleared attribute. ServiceNow Table Column to Store: Type This is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event type. ServiceNow Table Column to Store: Suppressed This is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event suppressed state. ServiceNow Table Column to Store: Suppressed_Info This is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event suppressed info. ServiceNow Table Column to Store: Policy_Info This is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event policy info. ServiceNow Table Column to Store: Notes This is an optional field. This is a Column name on the Incident table to store the Prisma SD-WAN event notes. ServiceNow Table Column to store Incident State This is a mandatory field. This is a Column name to store the state of an incident. This column will be set to Resolved, once the event condition for which the ticket was created is resolved. ServiceNow Table: Custom This is an optional field. This field is for any custom value that you intend to include for every incident ticket. This is typically used by IT organizations to include details about an environment or to include caller information. Enter a value in JSON format for this field i.e. key-value pairsFor example:“caller”: “Prisma SDWAN Auto Ticketing”,“environment”: “Production” For Insights, the following columns need to be populated:Circuit Insight Parameters Description ServiceNow URL This field contains the URL that will be used to connect to the ServiceNow instance via the ServiceNow Table APIs. The URL must include the entire domain name and the table name. The URLfollows the following format: https://<domain name>/api/now/table/myTable, where myTable is the name of the Table on ServiceNow where tickets will be created. ServiceNow Username Incident tickets on ServiceNow will be created using this User. Make sure that the User has the right set of privileges, especially to make changes to the table via APIs. The ServiceNow Developers document lists the following roles to be assigned to a user: Role required: web_service_admin, rest_api_explorer, or admin. ServiceNow Password Password for the above user. These credentials will be used by the CloudBlade to create or edit tickets on the ServiceNow instance using the ServiceNow Table APIs. Poll Interval Poll Interval is the interval time in days. After you install, the CloudBlade will query the controller for any circuit insights based on the set poll interval. Circuit Insights These are circuit insights generated by the Prisma SD-WAN controller for which incident tickets will be created in ServiceNow. You can select one or multiple insights from the drop-down. Insight Type This is a mandatory field. This is the name of the column where the insight type or the insight name will be stored. Site Name This is a mandatory field. This is the name of the column to store the name of the site where this insight was generated. Circuit Name This is a mandatory field. This is the name of the column to store the name of the circuit where this insight was generated. Start Time This is a mandatory field. This is the name of the column to store the start time when this insight was detected. End Time This is a mandatory field. This is the name of the column to store the end time when this insight was detected. Direction This is a mandatory field. This is the name of the column to store the traffic direction where the insight was observed. Data This is a mandatory field. This is the name of the column to store all the relevant data pertaining to the insight viz, metrics data, top talkers, bw utilization, etc.
