Focus

Prisma SD-WAN

Create and Resolve Incidents on ServiceNow

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed

Configure ServiceNow

Monitor ServiceNow Status in Prisma SD-WAN

Create and Resolve Incidents on ServiceNow

Learn to create and resolve incidents on ServiceNow.

Where Can I Use This?	What Do I Need?
Strata Cloud Manager	Prisma SD-WAN license ServiceNow CloudBlade

Once all the Prisma SD-WAN attributes are translated and populated into the ServiceNow construct, a session is established with the ServiceNow instance configured in the CloudBlade using Basic HTTP Authentication. An incident ticket is created where the Prisma SD-WAN Event attributes are mapped to ServiceNow table columns. Upon successful ticket creation, ServiceNow returns HTTP code 201 – Created and the response package contains the incident ticket number.

This incident ticket number is stored locally in a database and mapped to the Prisma SD-WAN event_id.

Resolve Incident in ServiceNow

When an event clears on Prisma SD-WAN, the CloudBlade retrieves the incident ticket number from the local database and sets the ticket as Resolved. In the above example, the column u_incident_state is configured to store the incident state and will be set to the value Resolved. IT Operators managing ServiceNow tickets use this column as a filtering mechanism and can choose to ignore tickets marked as Resolved.

The incident on ServiceNow is updated any time there is an update on the following Prisma SD-WAN event parameters:

acknowledged
suppressed
notes
cleared

ServiceNow Advanced Configurations

To Manage Incident Impact, all Prisma SD-WAN events have a severity associated with them. Information on event severity can be found in the Incidents & AlertsGuide. However, incidents generated from certain sites or devices may have a higher or lower impact than the Prisma SD-WAN event severity. To handle such scenarios, the ServiceNow CloudBlade makes use of tags that can be configured at the site and device level to adjust the impact mapping in ServiceNow.

The tags snow-high, snow-med, and snow-low can be used to adjust impact of events generated from sites and/or elements. If any of these tags are configured at the site or device, all events generated from that particular site or device will have the corresponding impact.

Alarm Severity	Site/Element Tag	Modified Impact
critical, major, minor	snow-high	1 - High
critical, major, minor	snow-med	2 - Medium
critical, major, minor	snow-low	3 - Low

Block Incident Creation

When the snow-block tag is configured at the site or device, the Cloudblade will not forward any event generated from those sites or elements to ServiceNow.

Configure ServiceNow

Monitor ServiceNow Status in Prisma SD-WAN

Prisma SD-WAN Docs

Create and Resolve Incidents on ServiceNow

Prisma SD-WAN Docs

Create and Resolve Incidents on ServiceNow

Resolve Incident in ServiceNow

ServiceNow Advanced Configurations

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources