>
    Strata Copilot
    Configure ServiceNow CloudBlade in Prisma SD-WAN
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. ServiceNow CloudBlade Integration
    4. Configure ServiceNow CloudBlade in Prisma SD-WAN
    Download PDF
    Prisma SD-WAN

    Configure ServiceNow CloudBlade in Prisma SD-WAN

    Table of Contents

    Configure ServiceNow CloudBlade in Prisma SD-WAN

    Learn about the prerequisites and configure ServiceNow CloudBlade in Prisma SD-WAN.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN (Managed by Strata Cloud Manager)
    • Prisma SD-WAN
    • ServiceNow CloudBlade
    Before you configure the ServiceNow CloudBlade, your ServiceNow instance should be configured and ready for integration. The following sections provide information about how to configure ServiceNow CloudBlade in Prisma SD-WAN and the prerequisites that need to be considered while configuring the CloudBlade:
    Prerequisites
    Consider the following key design points before you configure the ServiceNow CloudBlade in Prisma SD-WAN:
    • Build the ServiceNow Table and allocate columns to map mandatory fields such as event code, correlation ID, severity, and incident state.
    • For more meaningful information in the tickets, you can create columns to store fields from the Prisma SD-WAN events such as entity_ref, info, site name, element name, type– if opting to create tickets for both alerts and alarms, cleared, acknowledged.
    • For Circuit Insights, build the ServiceNow Table and allocate columns to map details about the insight, site, circuit, start time, end time and the insight data.
    • ServiceNow CloudBlade communicates with the ServiceNow instance using REST based Table APIs.
    • Create a user that will be used by Prisma SD-WAN to perform CRUD operations on the ServiceNow instance table using the table APIs. Make sure this user has the following privileges: web_service_admin, rest_api_explorer, or admin.
    Configure the Prisma SD-WAN CloudBlade to prepare the Prisma SD-WAN controller for integration as follows:
    1. From the Strata Cloud Manager, navigate to ConfigurationPrisma SD-WANCloudBlades tab.
    2. In CloudBlades, locate the ServiceNow CloudBlade. If this CloudBlade does not appear, contact Palo Alto Networks Support.
      For Insights, look for the ServiceNow - Circuit Insights CloudBlade.
    On the ServiceNow CloudBlade, click Configure to configure ServiceNow parameters.
    Some of the ServiceNow parameters display the column name and not the label, which is typically displayed on the user interface as the column header.
    ServiceNow ParametersDescription
    ServiceNow URLThis field contains the URL that will be used to connect to the ServiceNow instance via the ServiceNow Table APIs. The URL must include the entire domain name and the table name. The URLfollows the following format: https://<domain name>/api/now/table/myTablewhere myTable is the name of the Table on ServiceNow where tickets will be created.
    ServiceNow UsernameIncident tickets on ServiceNow will be created using this User. Make sure that the User has the right set of privileges, especially to make changes to the table via APIs. The ServiceNow Developers document lists the following roles to be assigned to a user: Role required: web_service_admin, rest_api_explorer, or admin
    ServiceNow PasswordPassword for the above user. These credentials will be used by the CloudBlade to create/edit tickets on the ServiceNow instance using the ServiceNow Table APIs.
    Poll IntervalPoll Interval is the interval time in seconds. After you install, the CloudBlade will query the controller for any standing alarms based on the set poll interval.
    Retry AttemptsRetry attempts indicate the number of attempts that happen when a ticket could not be created for an event. Retry attempts can be anywhere between 0 and 5. The default value is 3.
    Exclude Events Raised and Cleared during Poll IntervalWhen this option is checked, the events which are created and cleared (resolved) during the poll interval will not be ticketed in ServiceNow.
    Event CodesThese are event codes used in monitoring and which need incident tickets to be created in ServiceNow. These event codes need to match the Prisma SD-WAN event codes. You can select one or multiple event codes from the drop-down, for example: NETWORK_VPNLINK_DOWN, NETWORK_DIRECTINTERNET_DOWN,NETWORK_DIRECTPRIVATEWAN_DOWN.
    ServiceNow Table Column to Store: EventCodeColumn name on the Incident table to store Prisma SD-WAN event code.
    ServiceNow Table Column to Store: CorrelationIDColumn name on the Incident table to store Prisma SD-WAN event correlation_id.
    ServiceNow Table Column to Store: SeverityColumn name on the Incident table to store Prisma SD-WAN event severity.
    ServiceNow Table Column to Store: EventIDThis is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN Event ID.
    ServiceNow Table Column to Store: TimeThis is an optional field. This is a Column name on the Incident table to store the Prisma SD-WAN event time.
    ServiceNow Table Column to Store: Site_IDThis is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event site_id, which is translated to its site name.
    ServiceNow Table Column to Store: Element_IDThis is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN eventelement_id , which is translated to its device name.
    ServiceNow Table Column to Store: Entity_RefThis is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN evententity_ref, after a name-ID translation.
    ServiceNow Table Column to Store: InfoThis is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event info, after a name-ID translation.
    ServiceNow Table Column to Store: AcknowledgedThis is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event acknowledged attribute.
    ServiceNow Table Column to Store: ClearedThis is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event cleared attribute.
    ServiceNow Table Column to Store: TypeThis is an optional field. This is a Column name on the Incident table to store Prisma SD-WAN event type.
    ServiceNow Table Column to Store: SuppressedThis is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event suppressed state.
    ServiceNow Table Column to Store: Suppressed_InfoThis is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event suppressed info.
    ServiceNow Table Column to Store: Policy_InfoThis is an optional field. This is a Column name on the Incident table to store a Prisma SD-WAN event policy info.
    ServiceNow Table Column to Store: NotesThis is an optional field. This is a Column name on the Incident table to store the Prisma SD-WAN event notes.
    ServiceNow Table Column to store Incident State This is a mandatory field. This is a Column name to store the state of an incident. This column will be set to Resolved, once the event condition for which the ticket was created is resolved.
    ServiceNow Table: CustomThis is an optional field. This field is for any custom value that you intend to include for every incident ticket. This is typically used by IT organizations to include details about an environment or to include caller information. Enter a value in JSON format for this field i.e. key-value pairsFor example:“caller”: “Prisma SDWAN Auto Ticketing”,“environment”: “Production”
    For Insights, the following columns need to be populated:
    Circuit Insight ParametersDescription
    ServiceNow URLThis field contains the URL that will be used to connect to the ServiceNow instance via the ServiceNow Table APIs. The URL must include the entire domain name and the table name. The URLfollows the following format: https://<domain name>/api/now/table/myTable, where myTable is the name of the Table on ServiceNow where tickets will be created.
    ServiceNow UsernameIncident tickets on ServiceNow will be created using this User. Make sure that the User has the right set of privileges, especially to make changes to the table via APIs. The ServiceNow Developers document lists the following roles to be assigned to a user: Role required: web_service_admin, rest_api_explorer, or admin.
    ServiceNow PasswordPassword for the above user. These credentials will be used by the CloudBlade to create or edit tickets on the ServiceNow instance using the ServiceNow Table APIs.
    Poll IntervalPoll Interval is the interval time in days. After you install, the CloudBlade will query the controller for any circuit insights based on the set poll interval.
    Circuit InsightsThese are circuit insights generated by the Prisma SD-WAN controller for which incident tickets will be created in ServiceNow. You can select one or multiple insights from the drop-down.
    Insight TypeThis is a mandatory field. This is the name of the column where the insight type or the insight name will be stored.
    Site NameThis is a mandatory field. This is the name of the column to store the name of the site where this insight was generated.
    Circuit NameThis is a mandatory field. This is the name of the column to store the name of the circuit where this insight was generated.
    Start TimeThis is a mandatory field. This is the name of the column to store the start time when this insight was detected.
    End TimeThis is a mandatory field. This is the name of the column to store the end time when this insight was detected.
    DirectionThis is a mandatory field. This is the name of the column to store the traffic direction where the insight was observed.
    DataThis is a mandatory field. This is the name of the column to store all the relevant data pertaining to the insight viz, metrics data, top talkers, bw utilization, etc.

    © 2026 Palo Alto Networks, Inc. All rights reserved.