Learn to create and resolve incidents on ServiceNow.
Where Can I Use This?
What Do I Need?
Strata Cloud Manager
Prisma SD-WAN license
ServiceNow CloudBlade
Once all the Prisma SD-WAN attributes are translated and
populated into the ServiceNow construct, a session is established with the ServiceNow
instance configured in the CloudBlade using Basic HTTP Authentication. An incident
ticket is created where the Prisma SD-WAN Event attributes are mapped to
ServiceNow table columns. Upon successful ticket creation, ServiceNow returns HTTP code
201 – Created and the response package contains the incident ticket number.
This incident ticket number is stored locally in a database and mapped to the Prisma SD-WANevent_id.
Resolve Incident in ServiceNow
When an event clears on Prisma SD-WAN, the CloudBlade
retrieves the incident ticket number from the local database and sets the ticket as
Resolved. In the above example, the column
u_incident_state is configured to store the incident
state and will be set to the value Resolved. IT Operators
managing ServiceNow tickets use this column as a filtering mechanism and can choose
to ignore tickets marked as Resolved.
The incident on ServiceNow is updated any time there is an update on the following
Prisma SD-WAN event parameters:
acknowledged
suppressed
notes
cleared
ServiceNow Advanced Configurations
To Manage Incident Impact, all Prisma SD-WAN events have a severity associated with them.
Information on event severity can be found in the Alerts and Alarms
section in the Prisma SD-WAN Administrator’s Guide.
However, incidents generated from certain sites or devices may have a higher or
lower impact than the Prisma SD-WAN event severity. To handle such
scenarios, the ServiceNow CloudBlade makes use of tags that can be configured at the
site and device level to adjust the impact mapping in ServiceNow.
The tags snow-high, snow-med, and
snow-low can be used to adjust impact of events generated
from sites and/or elements. If any of these tags are configured at the site or
device, all events generated from that particular site or device will have the
corresponding impact.
Alarm Severity
Site/Element Tag
Modified Impact
critical, major, minor
snow-high
1 - High
critical, major, minor
snow-med
2 - Medium
critical, major, minor
snow-low
3 - Low
Block Incident Creation
When the snow-block tag is configured at the site or device,
the Cloudblade will not forward any event generated from those sites or elements to
ServiceNow.