ServiceNow - Create or Update Ticket for Incident
This incident response workflow allows you to create or update an incident ticket in ServiceNow from a playbook or using an automation rule.
Description
This incident response workflow allows you to create or update an incident ticket in ServiceNow from a playbook or using an automation rule. When using this workflow in a playbook, the user executes the workflow and an incident is created or updated. When using this workflow with an incident automation rule, the incident is created or updated as soon as the workflow is executed. The workflow will also set the XDR incident's status to "Open: Reported".
Target: Conure APIs, Platform APIs, Private Intelligence API, ServiceNow
Steps:
- Fetch the incident summary
- Parse the incident's attributes
- Check if an incident already exists in ServiceNow for this Cisco XDR incident:
- If it does, update the ServiceNow incident's description and continue
- If it doesn't, create a new ServiceNow incident and update the XDR incident's external references
- Add a work note to the ServiceNow incident with observable actions taken
- Make sure the XDR incident's status is "Open: Reported"
This workflow requires the following targets to be available before it can be run.
Integration targets
- Cisco XDR
- ServiceNow