Prisma SD-WAN
Configure ServiceNow
Table of Contents
Configure ServiceNow
Go through the following sections which provide information about the Prisma SD-WAN ServiceNow CloudBlade configuration infrastructure, Event
queries, and how to convert events to ServiceNow constructs.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following sections provide information about the Prisma SD-WAN
ServiceNow CloudBlade configuration:
ServiceNow CloudBlade Infrastructure
Once the CloudBlade configuration parameters are set up and the
CloudBlade is installed, the CloudBlade infrastructure will perform the following
tasks:
- Extract configuration parameters received from the CloudBlade
- Query for events based on the event codes provided
- Create or resolve existing tickets
- Wait until poll_interval for next iteration
Query for Events
Once the ServiceNow configuration is extracted, the CloudBlade queries
for events using the following API query:
events_query_payload = { "limit": { "count": 100, "sort_on": "time", "sort_order": "descending" }, "query": { "code": event_codes }, "severity": [], "start_time":start_time}
Here, the event_codes is a list of event codes configured on
the UI. Once the events are retrieved, they are mapped against an internal database
to check if a ticket is already created in ServiceNow. If the event is cleared and a
ticket exists, the ticket is set to Resolved in ServiceNow.
If the ticket does not exist on ServiceNow, the event is ignored. If the clear is
set to False, a new ticket is created in ServiceNow.
Convert Prisma SD-WAN Events to ServiceNow Constructs
Before a ticket is created on ServiceNow, the Prisma SD-WAN event JSON is converted to a data structure understood by the ServiceNow
instance. This mapping is dependent on the parameters configured on the CloudBlade.
For example, the CloudBlade configuration below is translated in the following
manner:
| Prisma SD-WAN Event Attributes | ServiceNow Construct |
|---|---|
| code | u_code |
| correlation_id | u_correlation_id |
| severity | u_urgency |
| id | u_event_id |
| time | u_time |
| site_id | u_site |
| element_id | u_element |
| entity_ref | u_entity_ref |
| info | u_info |
| acknowledged | u_acknowledged |
| cleared | u_cleared |
| type | u_type |
| severity | impact |
The following Prisma SD-WAN attributes are translated before
converting to the ServiceNow construct:
Entity_Ref
The IDs in the entity_ref are translated to their respective names and a meaningful
string is generated that provides the user information about the entity of the
alarm
For example, the entity_ref below:
tenants/1083/sites/15282991838450011/elements/15230097588400085/interfaces/15230098062640233"
is translated to the string:
Site: Portland Office Element: Portland3K-A Interface: internet1
The ServiceNow CloudBlade does a topology mapping once a week. If new VPN links
are created since the last topology mapping, then it may result in certain VPN
link IDs not being translated to names.
Info
Similar to entity_ref, the IDs in the info are also translated to their respective
names.
Site ID
If a site_id exists in the Prisma SD-WAN event,
it is translated to its name before populating the ServiceNow construct with the
value.
Element ID
If an element_id exists in the Prisma SD-WAN event, it is also
translated to its name before populating the ServiceNow construct with the
value.
Severity
In the above example, the Prisma SD-WAN
severity is directly mapped to
u_urgency. However, this field is also mapped to another
attribute named impact. The following translation takes place
before the ServiceNow construct is populated.
| Prisma SD-WAN Severity | ServiceNow Impact |
|---|---|
| critical | 1 - High |
| major | 2 - Medium |
| minor | 3 - Low |
The impact value may change depending on the tags configured at the site and/or
element level. More about this feature is discussed in length under the section
CloudBlade Advanced Configurations.
Along with the attributes above, the CloudBlade also populates the tenant name in an
attribute called company.