ServiceNow Integration

jbruns2019 · November 4, 2020, 4:33pm

Looking at this for help,
https://elastalert.readthedocs.io/en/latest/ruletypes.html#servicenow

Under ServiceNow

First off, short_description is same meaning as password. Someone may want to update that.

Secondly, is there no way to set description on the incident?

IsabellaApplen · November 4, 2020, 6:10pm

Hi Joe,

PagerDuty does not maintain the ElastAlert documentation, nor can we assume responsibility for how they document their integrations with other platforms.

Regarding your second inquiry, to set the description on a ServiceNow incident that is triggered from PagerDuty, I would suggest constructing an inbound field rule. You can find the inbound field rules in ServiceNow under PagerDuty → Configuration → Inbound Field Rules. You will want to set PagerDuty webhook type to Trigger and ServiceNow incident field to Description. With the Type setting, you can choose between setting a default description or basing the description off of a field in the PagerDuty webhook payload.

I hope this helps!

jbruns2019 · November 4, 2020, 6:29pm

Duh on the elastalert doc.

Got any examples of ServiceNow setups?

IsabellaApplen · November 4, 2020, 6:45pm

Here is an example of an inbound field rule that sets the description based based on a field in the webhook payload. I would suggest taking a look at trigger webhooks in the Webhook Import Rows to see how the alert payloads you’re working with are structured.