Once the ServiceNow configuration is
extracted, the CloudBlade queries for events using the following
API query:
events_query_payload = {
"limit":
{
"count": 100,
"sort_on": "time",
"sort_order": "descending"
},
"query": {
"code": event_codes
},
"severity": [],
"start_time":start_time}
Here, the event_codes is a list of event
codes configured on the UI. Once the events are retrieved, they
are mapped against an internal database to check if a ticket is
already created in ServiceNow. If the event is cleared and a ticket
exists, the ticket is set to Resolved in
ServiceNow. If the ticket does not exist on ServiceNow, the event
is ignored. If the clear is set to False, a new ticket is created
in ServiceNow.