Custom Webhook for ServiceNow

Sysdig can be integrated with ServiceNow by using a custom webhook.

Configure ServiceNow

Prerequisites

Have a ServiceNow account set up and working.
See the ServiceNow developer documentation.

Create Scripted Rest API Details in ServiceNow GUI

Login to ServiceNow (developer entry) and create a Scripted REST API:
Click New and submit the form with the following:
Name: Specify the Sysdig alert associated with the notification.
API ID: Specify the API ID.
Return to the Scripted REST APIs and open the resource just created.
Scroll down to the related list area, select Resources, and click New. This will create a new Scripted REST API resource.
Fill in the Name field. In this example, we chose “Demo”.
Scroll down to Security and clear the checkbox that requires authentication.
Change the HTTP method from GET to POST.

The resource is created.

Add Code to the New Scripted API

Now give the resource the code to execute.

The default objects to work with in a Scripted REST API Resource are response and request.

For more details on request and response see Scripted Rest APIs.

The created resource will already have some example code:

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

    // implement resource here

})(request, response);

Change this default code to:

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

 gs.info(request.body.dataString);

})(request, response);

Note the following resource path to this newly created resource is now visible: /api/snc/sysdigalert.
The url to this resource would be https://yourInstance.service-now.com/resource-path or https://yourInstance.service-now.com/api/snc/sysdigalert
Click Submit/Update on this resource.

Configure Sysdig Webhook

Now that the custom API endpoint in ServiceNow is created, you can configure Sysdig alerts to use a custom webhook to trigger the ServiceNow integration.

In Sysdig Monitor, complete steps 1-3 in Set Up a Notification Channel and choose Custom Webhook.
Fill out the form.

URL: Your instance name URL.

Name: Choose a meaningful name, for example, “ServiceNow”.

Notify when Resolved: Use this toggle to choose whether you want to receive a notification when the alert condition is no longer triggered.

Notify when Acknowledged: Use this toggle to choose whether you want to receive a notification when the alert is manually acknowledged.

Test Notification: Use this toggle and/or set up a test alert as described in the following section.

Test Integration

To test if this ServiceNow integration is working correctly, you can set up a test alert to trigger.

For example, you could create an alert for CPU usage:

In ServiceNow, navigate to System Log > All to see a sample triggered webhook.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.