This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

    Configure ServiceNow

    Sysdig can be integrated with ServiceNow using a custom webhook.

    ServiceNowSetup

    Prerequisites

    • Have a ServiceNow account set up and working.

    • If necessary, refer to ServiceNow developer documentation here.

    Create Scripted Rest API Details in ServiceNow GUI

    1. Login to ServiceNow (developer entry) and create a Scripted REST API:

    2. Click New and submit the form with the following:

      Name: SysdigAlert API ID: sysdigalert

    3. Return to the Scripted REST APIs and open the resource just created.

      Scroll down to the related list area, select Resources, and click New. This will create a new Scripted REST API resource.

    4. Fill in the Name field e.g. Demo.

    5. Scroll down to Security and clear the checkbox that requires authentication.

    6. Change the HTTP method from GET to POST.

    The resource is created.

    Add Code to the New Scripted API

    Now give the resource the code to execute.

    The default objects to work with in a Scripted REST API Resource are response and request.

    For more details on request and response see Scripted_REST_Request_API and Scripted_REST_Response_API

    The created resource will already have some example code:

    (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    
        // implement resource here
    
    })(request, response);
    
    1. Change this default code to:

      (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
      
       gs.info(request.body.dataString);
      
      })(request, response);
      
    2. Note the following resource path to this newly created resource is now visible: /api/snc/sysdigalert.

      The url to this resource would be https://yourInstance.service-now.com/<resource_Path or https://yourInstance.service-now.com/api/snc/sysdigalert ``

    3. Click Submit/Update on this resource.

    Sysdig Webhook Setup

    Now that the custom API endpoint in ServiceNow is created, you can configure Sysdig alerts to use a custom webhook to trigger the ServiceNow integration.

    API URL: your instance name URL

    Name: ServiceNow (or whatever name you’d like for this Sysdig alert webhook)

    Notify when OK: Optional

    Notify when Resolved: Optional

    Test Notification: Use this toggle and/or set up a test alert as described in the following section.

    Test Integration

    To test if this ServiceNow integration is set up and working correctly, you can set up a test alert to trigger.

    For example, you could create an alert for CPU usage:

    In ServiceNow, navigate to System Log > All to see a sample triggered webhook.