Create ServiceNow Incident
- 1 minute to read
The Create ServiceNow Incident action creates an incident in ServiceNow for all relevant entities.
To configure the Create ServiceNow Incident action, do as follows:
- From the Action Library, click Create Incident, and then click Create ServiceNow Incident.
- Define a unique action name.
- To use the first connected ServiceNow adapter credentials, select the Use ServiceNow Adapter checkbox. Otherwise, provide credentials to connect to ServiceNow: domain, user name, and password.NOTETo use this option, you must successfully configure a ServiceNow adapter connection.
- You can configure whether to verify SSL connection. By default, verify SSL checkbox is selected.
- You can configure to connect to a proxy instead of directly connecting it to the domain.
- Provide the following mandatory information regarding the incident:
- Incident Short Description - The incident title.
- Message Severity - Info / warning / error.
- Incident Description - A description of the incident.
- If Add Query Name to Incident Short Description is enabled, the name of the saved query defined as the trigger for the enforcement set will be appended to the short description of the created incident.
- To send the incident description, check the Add Incident Description Default checkbox.
The incident description message includes the Enforcement Set name and the triggered query, the condition for executing the Enforcement, if such exists, and number of current and previous results.
- Provide additional optional information regarding the incident: Incident Type, Caller ID, Requested for, Symptom, Assignment Group, Category and Subcategory.
Alert - "test" for the following query has been triggered: Missing Sophos
The alert was triggered because: The number of entities is above 0
The number of devices returned by the query:4
The previous number of devices was:4
You can view the query and its results here: https://demo-latest.axonius.com/devices?view=Missing Sophos
8. Save the action.