Integration with Service Now

This plugin enables the automatic creation, update and closure of Service Now incidents from Pandora FMS.

Introduction and operation


Creation of incidents

When an altered status (e.g. Critical, Warning) is detected for the modules configured in Pandora, the integration plugin is executed to create an incident in Service Now, or to update it if it already exists.

The information used to create the incidents in Service Now is:

When the incident is created, Pandora stores its ID in the custom_id field of the affected module, for later use when updating or closing the incident. This implies that each module can only have one open incident in Service Now.

Update of incidents

In case the plugin acts on a module that already has an issue registered in its custom_id, this reference is taken to update the open ticket, which can:

Closing of incidents

The integration can also be used to close incidents associated with modules, as long as they have an incident ID in their custom_id. In this case the purpose of such execution is the validation of the issue in Service Now. For this purpose the plugin:

The flow for creating and updating requests is shown in the diagram below.

 

Integration configuration

Pandora FMS prerequisites

For the integration to work properly:

The Pandora FMS user used must have, at least, AW access (Agent Write) on the group of agents that are going to trigger the alerts.

Plugin options

Complete example of a manual call to open (or update) incidents:

pandora_sn_ticket.64 --Action 'create' --Auth 'basic' --Host 'https://my-service-now.com:1234' --HostAPIUrl '/api/customer/incident_integration/' --PandoraAPI 'http://192.168.1.1/pandora_console/include/api.php' --User 'sn-user' --Pass 'sn-pass' --PandoraUser 'pandora_user' --PandoraPass 'pandora_pass' --PandoraAPIPass 'pandora_apipass' --Asset 'MYSERVER' --Agent 'MYSERVER' --Module 'CPU Load' --IdModule '12345' --Group 'infrastructure' --Impact '1' --Title 'Host MYSERVER is overloaded' --Message '2024/10/22 09:16:53 - Host MYSERVER CPU usage is too high - Data: 97% - Module status: critical' --Log '/tmp/pandora_sn.log'

Complete example of manual call for incident closure:

/pandora/pandora_sn_ticket.64 --Auth 'basic' --Host 'https://my-service-now.com:1234' --HostAPIUrl '/api/customer/incident_integration/' --PandoraAPI 'http://192.168.1.1/pandora_console/include/api.php' --User 'sn-user' --Pass 'sn-pass' --PandoraUser 'pandora_user' --PandoraPass 'pandora_pass' --PandoraAPIPass 'pandora_apipass' --Module 'CPU Load' --IdModule '12345' --Message '2024/10/22 14:04:17 - Host MYSERVER CPU usage is OK now - Data: 24% - Module status: normal' --State '1' [--Log '/tmp/pandora_sn.log']
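
A pre-flight check for manual calls like the two above, as an added example that is not part of the plugin or of the original documentation: it tokenizes a pandora_sn_ticket command line and reports option names typed with a typographic dash instead of "--", options with no value, and --Host or --PandoraAPI endpoints that are not https while credentials are supplied. The helper names (option_name, lint_call), the rule set and the mapping of credentials to endpoints are assumptions; the option names are the ones shown on this page.

```python
import shlex
from urllib.parse import urlsplit

# Hyphen look-alikes that word processors and rendered pages substitute for "-".
FANCY = "\u2010\u2011\u2012\u2013\u2014\u2212"
FANCY_SET = set(FANCY)
# Assumption: which secrets travel to which endpoint, inferred from the option names.
CREDS_FOR = {"--Host": ("--Pass",),
             "--PandoraAPI": ("--PandoraPass", "--PandoraAPIPass")}

def option_name(tok):
    """Return (canonical name, was_mangled) if tok looks like an option, else None."""
    if tok.startswith("--"):
        return tok, False
    if tok[:1] in FANCY_SET or (tok[:1] == "-" and tok[1:2] in FANCY_SET):
        return "--" + tok.lstrip("-" + FANCY), True
    return None

def lint_call(cmdline):
    """List problems in one pandora_sn_ticket command line (hypothetical helper)."""
    findings, opts = [], {}
    tokens = shlex.split(cmdline)[1:]          # drop the plugin binary
    i = 0
    while i < len(tokens):
        parsed = option_name(tokens[i])
        if parsed is None:
            findings.append(f"{tokens[i]!r}: value with no option before it")
            i += 1
            continue
        name, mangled = parsed
        if mangled:
            findings.append(f"{name}: starts with a typographic dash instead of '--'")
        if i + 1 < len(tokens) and option_name(tokens[i + 1]) is None:
            opts[name] = tokens[i + 1]
            i += 2
        else:
            findings.append(f"{name}: no value given")
            i += 1
    for url_opt, secret_opts in CREDS_FOR.items():
        if url_opt in opts and any(opts.get(s) for s in secret_opts):
            if urlsplit(opts[url_opt]).scheme != "https":
                findings.append(f"{url_opt}: credentials sent to a non-https endpoint")
    return findings

# Constructed sample: an en dash before HostAPIUrl, an http API URL, a missing value.
SAMPLE = ("pandora_sn_ticket.64 --Action 'create' --Auth 'basic' "
          "--Host 'https://my-service-now.com:1234' "
          "\u2013-HostAPIUrl '/api/customer/incident_integration/' "
          "--PandoraAPI 'http://192.168.1.1/pandora_console/include/api.php' "
          "--Pass 'sn-pass' --PandoraPass 'pandora_pass' --IdModule")

if __name__ == "__main__":
    for finding in lint_call(SAMPLE):
        print(finding)
```
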


Examples of alerts

Below are a couple of examples of alert configuration: opening and closing of events, which will be separated into two commands and two different actions.

In order to make the integration more flexible, it is recommended to use macros in the fields of the commands that need dynamic information. In this case, macros for agent, module and module ID aliases (_agent_, _module_, _id_module_) are used, as well as alert-specific macros (_fieldx_) to facilitate the customization of actions.

Creation/updating of incidents (high priority)

Command


Example of alert command to create incidents

Action

Example of alert action to create incidents

Closing of incidents

Command

Example of alert command to close incidents



Action

Example of alert action to close incidents