1. Home
  2. How To ...
  3. How to Add a ServiceNow Webhook Action to an Action Group

How to Add a ServiceNow Webhook Action to an Action Group

Integrating the ServiceNow alerting service into your Netreo monitoring workflow is fairly straightforward. Simply follow the steps below to create a new action group that can alert your ServiceNow account with a custom message of your choice. This action group may then be assigned to the alarm configuration of any monitoring monitoring check.

(Netreo recommends that you create a user in your ServiceNow account specifically for Netreo use.)

First, you’ll have to complete some steps in ServiceNow.

  1. Log into your account at the ServiceNow website.
  2. Make sure Incoming WebHook API Events is enabled for your account.

Now in Netreo.

  1. Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
  2. Select Add A Group.
  3. In the action group configuration dialog:
    1. In the GROUP NAME field enter a name for this action group (for example, “ServiceNowAlert”).
      • No spaces are allowed in action group names.
    2. In the MANUAL ALERT ACCESS LEVEL field select a user access level for this group.
      • This allows users with the selected access level and higher to manually run this action group from within an incident.
    3. Select Add Group.
  4. In the action configuration dialog:
    1. In the ACTION NAME field enter a name for this action (for example, “ServiceNow Action”).
      • Spaces are allowed in action names.
    2. Select Add Action.
  5. In the method configuration dialog:
    1. In the ACTION METHOD TYPE field select Webhook from the pull-down menu.
    2. In the URL field enter: <YOUR CUSTOMER NAME>.service-now.com/api/now/table/incident
    3. In the PAYLOAD field enter something similar to the code in the Payload Code section further down.
      • You can customize the payload to provide values for ServiceNow using any desired Netreo incident macros.
    4. Select Add Method.

Now select this action group in the alarm configuration of a monitoring check. When that check fails and opens an incident, ServiceNow will be alerted according to the Netreo incident state change rules.

Payload Code

Important information about the payload

  • Text contained in angle brackets < > should be replaced with your appropriate values.
    • For the Authorization value, you must provide a Base64-encoded value of the username and password for your ServiceNow account. This value can be created by entering your username and password in the format username:password into https://www.base64encode.org/ (use default settings) to retrieve an encoded blob value.
  • Text contained in curly braces { } represents a Netreo incident macro, and is automatically translated into readable text before the payload is sent. Replace the example macros above with the macros you wish to use. Multiple macros may be included in the same field by separating them with a blank space.
  • Do not include any angle brackets < > in your payload, but do include curly braces { }.
  • When constructing the output for the description value you may include the newline character ( \n ) to place the items that follow it on a new line. This can help make the final output much easier to read.

Payload Example

[header]
{
"Content-Type"  : "application/json",
"Authorization" : "Basic <YOUR BASE64 ENCODED SERVICENOW USERNAME:PASSWORD>"
}
[header]
{
"category"  : "<YOUR CATEGORY>",
"company"  : "<YOUR COMPANY NAME> Netreo",
"number"  : "{INCIDENTID}",
"priority"  : "<YOUR PRIORITY>",
"severity"  : "<YOUR SEVERITY>",
"short_description" : "{SUBJ}",
"cmdb_ci"  : "{HOSTNAME}",
"u_alert_link"  : "{INCIDENT_URL}",
"description"  : "{SUBJ}\n\nHost Name: {HOSTNAME}\nHost Address: {HOSTADDRESS}\nHost State: {HOSTSTATE}\nAlert: {ALERTDESC}\nThreshold Level: {THRESHOLD}\n\nIncidentID:{INCIDENTID}\nIncident State: {APPLICATIONSTATE}{SERVICESTATE}\n\n{OUTPUT}\n\nHost Note:{HOSTNOTE}\n"
}

Recommended general settings are to set priority to 3 and severity to 2, but this will vary based on your specific response policies and implementation. If you want different alerts to go out with different priority/severity levels, you can create separate action groups to easily accomplish this.

An example payload in the method configuration dialog.
Caution

The characters used in a JSON object must be the acceptable versions of those characters, with no formatting. Please ensure your JSON array is valid by testing it at https://jsonlint.com/.

Updated on October 14, 2020

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Reply