Notification channel: ServiceNow

Sysdig can be integrated with ServiceNow using a custom webhook. This document covers the preparation required on the ServiceNow side and the webhook setup in Sysdig.

ServiceNow setup

Log in to ServiceNow and create a Scripted REST API.

Click New and submit the form with the following:

Name - SysdigAlert
API ID - sysdigalert

Return to the Scripted REST APIs list and open the one we just created. Scroll down to the related list area, select Resources, and click New.

This will create a new Scripted REST API resource. Fill in the Name field, e.g. Alerts.

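Scroll down to Security and clear the checkbox that requires authentication. With this box cleared, the endpoint accepts requests from any client that can reach it, without credentials.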

Next, change the HTTP method from GET to POST.

The resource is now created, and we have to give it the code to execute. The new resource already contains some example code:

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {  
  
    // implement resource here  
  
})(request, response);  

Change this default code to:

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

    // Write the raw request body (the webhook payload) to the system log
    gs.info(request.body.dataString);

})(request, response);

The default objects to work with in a Scripted REST API Resource are response and request.

For more details on request and response see Scripted_REST_Request_API and Scripted_REST_Response_API
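
Because the resource above accepts unauthenticated POSTs and logs the raw body, the following added example (not part of the original guide, and not Sysdig or ServiceNow code) rejects oversized or non-JSON bodies and logs only a re-serialized payload. It assumes the webhook body is a JSON object; `handleAlert`, `MAX_BODY_CHARS` and `fakeCall` are hypothetical names and the 64 KiB limit is an assumption.

```javascript
// Added example: hardened logic for the unauthenticated Scripted REST resource.
// ES5 syntax so the same function can be pasted into a ServiceNow script.
var MAX_BODY_CHARS = 64 * 1024; // assumed limit, tune to your alert payload size

function handleAlert(request, response, gs) {
    var raw = request.body.dataString || '';
    if (raw.length > MAX_BODY_CHARS) {
        response.setStatus(413); // refuse to log arbitrarily large bodies
        return 'too_large';
    }
    var payload;
    try {
        payload = JSON.parse(raw);
    } catch (e) {
        response.setStatus(400); // not JSON, so not a webhook payload
        return 'not_json';
    }
    if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
        response.setStatus(400); // only a JSON object is accepted
        return 'not_object';
    }
    // JSON.stringify escapes control characters inside strings, so the logged
    // message is always a single line of well-formed JSON.
    gs.info('SysdigAlert: ' + JSON.stringify(payload));
    response.setStatus(200);
    return 'logged';
}

// Constructed stand-ins for request, response and gs, so this runs in Node.
function fakeCall(body) {
    var ctx = { status: null, lines: [] };
    ctx.result = handleAlert(
        { body: { dataString: body } },
        { setStatus: function (s) { ctx.status = s; } },
        { info: function (m) { ctx.lines.push(m); } }
    );
    return ctx;
}

// Constructed sample bodies: a JSON object with an embedded newline, and junk.
console.log(fakeCall('{"note":"cpu high\\nFAKE ENTRY"}'));
console.log(fakeCall('not json at all'));
```

In ServiceNow, call `handleAlert(request, response, gs)` from inside the `process` function in place of the `gs.info` line.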

The newly created resource now has the following resource path: /api/snc/sysdigalert

The URL to this resource would be https://yourInstance.service-now.com/<resource_Path> or https://yourInstance.service-now.com/api/snc/sysdigalert

Click Submit/Update on this resource.

Sysdig webhook setup

Now that we've created our custom API endpoint in ServiceNow, we can configure our Sysdig alerts to use a custom webhook to trigger the ServiceNow integration.

API URL: the URL of the ServiceNow resource created above, e.g. https://yourInstance.service-now.com/api/snc/sysdigalert
Name: ServiceNow (or whatever name you'd like for this Sysdig alert webhook)
Notify when OK: Optional
Notify when Resolved: Optional

Congratulations, you're done! 

If you'd like to test that this ServiceNow integration is set up and working correctly, you can set up a test alert to trigger. For example, we could create an alert for CPU usage:

In ServiceNow, navigate to System Log -> All to see a sample triggered webhook.
