Create and Resolve Incidents on ServiceNow
Learn to create and resolve incidents on ServiceNow.
Where Can I Use This? / What Do I Need?
  • Strata Cloud Manager
  • Prisma SD-WAN license
  • ServiceNow CloudBlade
Once all the Prisma SD-WAN attributes are translated and populated into the ServiceNow construct, a session is established with the ServiceNow instance configured in the CloudBlade using Basic HTTP Authentication. An incident ticket is created where the Prisma SD-WAN Event attributes are mapped to ServiceNow table columns. Upon successful ticket creation, ServiceNow returns HTTP code 201 – Created and the response package contains the incident ticket number.
This incident ticket number is stored locally in a database and mapped to the Prisma SD-WAN event_id.

Resolve Incident in ServiceNow

When an event clears on Prisma SD-WAN, the CloudBlade retrieves the incident ticket number from the local database and sets the ticket as Resolved. In the above example, the column u_incident_state is configured to store the incident state and will be set to the value Resolved. IT Operators managing ServiceNow tickets use this column as a filtering mechanism and can choose to ignore tickets marked as Resolved.
The incident on ServiceNow is updated any time there is an update on the following Prisma SD-WAN event parameters:
  • acknowledged
  • suppressed
  • notes
  • cleared

ServiceNow Advanced Configurations

Manage Incident Impact
All Prisma SD-WAN events have a severity associated with them. Information on event severity can be found in the Alerts and Alarms section in the Prisma SD-WAN Administrator’s Guide. However, incidents generated from certain sites or devices may have a higher or lower impact than the Prisma SD-WAN event severity. To handle such scenarios, the ServiceNow CloudBlade makes use of tags that can be configured at the site and device level to adjust the impact mapping in ServiceNow.
The tags snow-high, snow-med, and snow-low can be used to adjust impact of events generated from sites and/or elements. If any of these tags are configured at the site or device, all events generated from that particular site or device will have the corresponding impact.
Alarm Severity            Site/Element Tag    Modified Impact
critical, major, minor    snow-high           1 - High
critical, major, minor    snow-med            2 - Medium
critical, major, minor    snow-low            3 - Low
Block Incident Creation
When the snow-block tag is configured at the site or device, the CloudBlade will not forward any event generated from those sites or elements to ServiceNow.
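The create, update, resolve, and tag-handling flow described on this page, as an added Python illustration that is not the CloudBlade's own code and uses an in-memory stand-in instead of a real ServiceNow instance. Assumptions: the event key `code`, the `short_description` column mapping, the class names, and the rule that the highest-impact tag wins when several are set are all hypothetical; the page does not give the default severity-to-impact mapping, so untagged events carry no impact override here.

```python
import sqlite3

# Tags and impact labels are taken from the page's table.
TAG_IMPACT = {"snow-high": "1 - High", "snow-med": "2 - Medium", "snow-low": "3 - Low"}
UPDATE_FIELDS = ("acknowledged", "suppressed", "notes")  # "cleared" is handled below

class FakeServiceNow:
    """Constructed in-memory stand-in for a ServiceNow instance (no network)."""
    def __init__(self):
        self.tickets = {}

    def create(self, fields):
        number = "INC%07d" % (len(self.tickets) + 1)
        self.tickets[number] = dict(fields)
        return 201, {"number": number}  # 201 Created, body carries the ticket number

    def update(self, number, fields):
        self.tickets[number].update(fields)

class Bridge:
    """Hypothetical event-to-incident bridge following the flow the page describes."""
    def __init__(self, snow):
        self.snow = snow
        self.db = sqlite3.connect(":memory:")  # local event_id -> ticket number map
        self.db.execute("CREATE TABLE tickets (event_id TEXT PRIMARY KEY, number TEXT)")

    def on_event(self, event, tags):
        if "snow-block" in tags:  # blocked site/device: nothing is forwarded
            return None
        row = self.db.execute("SELECT number FROM tickets WHERE event_id = ?",
                              (event["event_id"],)).fetchone()
        if row:  # known event: push the changed parameters to the existing ticket
            fields = {k: event[k] for k in UPDATE_FIELDS if k in event}
            if event.get("cleared"):
                fields["u_incident_state"] = "Resolved"
            self.snow.update(row[0], fields)
            return row[0]
        fields = {"short_description": event["code"]}
        # Assumption: if several tags are set, the highest impact wins.
        impact = next((TAG_IMPACT[t] for t in TAG_IMPACT if t in tags), None)
        if impact:  # untagged: no override, the default severity mapping applies
            fields["impact"] = impact
        status, body = self.snow.create(fields)
        if status != 201:
            raise RuntimeError("incident not created: HTTP %d" % status)
        self.db.execute("INSERT INTO tickets VALUES (?, ?)",
                        (event["event_id"], body["number"]))
        return body["number"]
```

Keying the local table on event_id is what keeps a repeated or updated event from opening a second ticket.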