ServiceNow - Create Ticket for Incident
This incident response workflow allows you to create an incident ticket in ServiceNow from a playbook or using an automation rule. When using this workflow in a playbook, the user executes the workflow and a ticket is created. When using this workflow with an incident automation rule, the ticket is created as soon as the workflow is executed. The workflow will also set the XDR incident's status to Incident Reported.
Description
This incident response workflow allows you to create an incident ticket in ServiceNow from a playbook or using an automation rule. When using this workflow in a playbook, the user executes the workflow and a ticket is created. When using this workflow with an incident automation rule, the ticket is created as soon as the workflow is executed. The workflow will also set the XDR incident's status to Incident Reported.
Target: Conure APIs, Platform APIs, Private Intelligence API, ServiceNow
Steps:
- Get the incident summary
- Parse the incident's attributes
- Check if a ticket already exists for this incident:
- If it does, update the workflow results and continue
- If it doesn't:
- Create the ticket and update the workflow result
- Update the incident's external references
- Update the incident's status to Incident Reported
This workflow requires the following targets to be available before it can be run.
Integration targets
- ServiceNow
- Cisco XDR