.png?sv=2019-07-07&sig=skBmVgRxUnADlY2d9rEqQSeObV7uesanfWbskkv1gbY%3D&spr=https%2Chttp&st=2023-09-29T10%3A43%3A40Z&se=2023-09-29T10%3A53%3A40Z&srt=o&ss=b&sp=r){kind=logo}
Cherwell IT Service Management - Create Incident per Asset
- 27 Mar 2023
- 4 Minutes to read
- Print
- DarkLight
- PDF
Cherwell IT Service Management - Create Incident per Asset
- Updated on 27 Mar 2023
- 4 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Cherwell IT Service Management - Create Incident per Asset (Create Cherwell Incident per Entity) creates an incident in Cherwell for each for each of the entities that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapter Fetch History and Asset Investigation Modules
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Use stored credentials from the Cherwell adapter - Select this option to use the first connected Cherwell adapter credentials.
NOTE
- To use this option, you must successfully configure a Cherwell IT Service Management adapter connection.
- The user name and the password used for the adapter connection must be user with permissions to create new incidents.
Required Fields
These fields must be configured to run the Enforcement Set.
Incident description - Specify an incident description.
Priority (required, default: 5) - Specify the incident priority.
Instance Name - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Cherwell Domain - The hostname or IP address of the Cherwell server.
NOTEIf Use stored credentials from the Cherwell adapter is disabled, this field is required.User Name and Password - The user name and the password of a user with permissions to create new incidents.
NOTEIf Use stored credentials from the Cherwell adapter is disabled, this field is required.Client ID - Enter the client ID created in the CSM Administrator. For details, see Cherwell - Obtaining API Client IDs.
NOTEIf Use stored credentials from the Cherwell adapter is disabled, this field is required.Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Cherwell Domain.
- If supplied, Axonius will utilize the proxy when connecting to the value supplied in Cherwell Domain.
- If not supplied, Axonius will connect directly to the value supplied in Cherwell Domain.
Sleep 1 second every token request - Select this option to wait before sending authentication tokens.
Short description - Specify the incident title.
Add default incident description - Select whether to send the incident description to Cherwell.
- If enabled, Axonius will include the default incident description (mentioned below) in the Cherwell incident.
- If disabled, Axonius will not include the default incident description (mentioned below) in the Cherwell incident.
Message example:
Alert - "test" for the following query has been triggered: Missing SophosAlert Details
The alert was triggered because: The number of entities is above 0
The number of devices returned by the query:4
The previous number of devices was:4You can view the query and its results here: https://demo-latest.axonius.com/devices?view=Missing Sophos
Customer display name - Specify the customer display name.
Multiple optional incident related settings :
- Source
- Service
- Category
- Subcategory
- Incident type
- Status
NOTESince the valid values of the different parameters are customer specific, Axonius does not validate any of those parameters values. You must make sure inserted values are correct, otherwise, the request might fail.Additional fields (optional, default: empty) - Specify additional fields to be added as part of the incident as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
- If supplied, Axonius will add the specified fields and values to the created incident. If one of the specified fields is invalid, the request might fail.
- If not supplied, Axonius will not add any additional fields to the created incident.
- Axonius to Cherwell field mapping - Use to map Axonius fields to the CMDB fields. The input should be key/value pairs in a JSON format.
For example: {'axonius_field1:servicenow_field1, axonius_field2:servicenow_field2}
For more details about other Enforcement Actions available, see Action Library.