Create ServiceNow Incident

The Create ServiceNow Incident action creates an incident in ServiceNow for all relevant entities.

To configure the Create ServiceNow Incident action, do as follows:

  1. From the Action Library, click Create Incident, and then click Create ServiceNow Incident.


  2. Define a unique action name.
  3. To use the first connected ServiceNow adapter credentials, select the Use ServiceNow Adapter checkbox. Otherwise, provide credentials to connect to ServiceNow: domain, user name, and password.
    NOTE
    To use this option, you must successfully configure a ServiceNow adapter connection.
  4. Choose whether to verify the SSL connection. By default, the Verify SSL checkbox is selected.
  5. You can connect through a proxy instead of connecting directly to the domain.
  6. Provide the following mandatory information regarding the incident:
    • Incident Short Description - The incident title.
    • Message Severity - Info / warning / error.
    • Incident Description - A description of the incident.
  7. If Add Query Name to Incident Short Description is enabled, the name of the saved query defined as the trigger for the enforcement set is appended to the short description of the created incident.
  8. To send the incident description, select the Add Incident Description Default checkbox.
    The incident description message includes the Enforcement Set name and the triggered query, the condition for executing the Enforcement, if one exists, and the number of current and previous results.
  9. Provide additional optional information regarding the incident: Incident Type, Caller ID, Requested for, Symptom, Assignment Group, Category and Subcategory.
    NOTE
    Since the valid values of the different parameters are customer-specific, Axonius does not validate any of those parameter values. You must make sure the inserted values are correct; otherwise, the request might fail.

    Message example:
    Alert - "test" for the following query has been triggered: Missing Sophos

    Alert Details
    The alert was triggered because: The number of entities is above 0
    The number of devices returned by the query:4
    The previous number of devices was:4

    You can view the query and its results here: https://demo-latest.axonius.com/devices?view=Missing Sophos
  10. Save the action.



For more details on other available Enforcement actions, see Action Library.
For more details on Enforcement Set configuration, see Enforcement Set configuration.