ServiceNow - Update Tickets

ServiceNow - Update Tickets modifies existing tickets in ServiceNow that are related to:

Assets matching the Enforcement Set query or assets selected on the relevant asset page. For example, if the action is triggered on asset type=Users, the action updates tickets linked to each user.
- When triggered on any asset type except Tickets (for example, Users, Devices), this action updates related ServiceNow tickets based on your selection in the Select Which Related Tickets To Update dropdown (see below).
- When triggered on asset type=Tickets, this action runs on all tickets resulting from the selected query. The Select Which Related Tickets To Update dropdown is not applicable in this scenario.

📘
Note
The ServiceNow API returns a 200 status code upon successful procession of the request. However, if the syntax of a field like incident_state is incorrect (for example, has a lowercase first letter), the update fails without any error message from the API. Therefore, it is crucial to ensure that all field values passed to ServiceNow adhere to the correct syntax. To mitigate this, you can write a JSON expression in Additional fields (json format) under the Additional Fields section below to precisely define the values being sent, including case sensitivity.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

📘
Note:

Not all asset types are supported for all Enforcement Actions.

See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.

See Actions supported for Vulnerabilities.

See Actions supported for Software.

Required Fields

These fields must be configured to run the Enforcement Set.

Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Use stored credentials from ServiceNow adapter - Select this option to use the ServiceNow connected adapter credentials.
- When you select this option, the Select Adapter Connection dropdown is available, and you can choose the adapter connection to use for this Enforcement Action.

📘
Note
To use this option, you must successfully configure a ServiceNow adapter connection.

Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.

Connection And Credentials

These fields are optional.

💡
Connection and Credentials

When Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.

ServiceNow Domain - The full URL of your ServiceNow server.

User Name and Password - The credentials of a ServiceNow account with the Required Permissions to perform this action.

Client ID and Client Secret - The OAuth Client ID and Client Secret for OAuth access to ServiceNow. Refer to OAuth 2.0 with Inbound REST for full details on how to obtain the OAuth Token.

Refresh Token - When using OAuth authentication, enter the Refresh Token issued by your ServiceNow instance.

Apigee URL - The URL of the domain to which the GET request is sent to acquire an APIgee token (if applicable).

Resource Apigee - The specific resources you want the APIgee token to grant access to (if applicable).

Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

Ticket Additional Settings

These fields are optional.

Additional fields (json format) - Specify additional ServiceNow fields and their values as key/value pairs in JSON format. This is particularly useful for setting fields that are not explicitly listed above or for ensuring the correct syntax (including case sensitivity) of values such as incident_state.

Example:
```
 { "close_notes" : "Vulnerability Remediated by Axonius EC Action",
"incident_state" : "Resolved",   
 "close_code": "Duplicate" }
```
Map Axonius fields to vendor fields - Use the Field Mapping Wizard to map Axonius fields to fields in external systems. In this way, you can transfer data found in Axonius into the external system as part of the configuration of relevant enforcement actions. The wizard shows you which fields exist on the Axonius system, allowing you to map them easily.

📘
Note:
For details, see Axonius to External Field Mapping.

📘
Note
When Fetch dynamic dropdown values is enabled for the ServiceNow adapter connection, Placeholder text fields (within the Field Mapping Wizard) will be populated with the available field names from ServiceNow.

Ticket Main Settings

These fields are optional.

Ticket Status - The status to set for the ServiceNow ticket.

📘
Note
To populate the available options in the Ticket Status dripdown directly from the ServiceNow adapter, enable the Fetch dynamic dropdown values option in your ServiceNow adapter's Advanced Configuration.

Ticket Assignee - The ServiceNow user assigned to process the ticket.
Ticket Comments - Free-form text to add as a comment in the ServiceNow ticket.

Select Which Related Tickets To Update - Relevant when this enforcement action runs on an asset category other than Tickets. Select one of the options:
- All Related Tickets - Updates all tickets linked to each asset resulting from the selected query.
- Last Created Ticket - Updates only the most recently created ticket linked to each asset resulting from the selected query.

For more details about other Enforcement Actions available, see Action Library.

Updated about 11 hours ago