ServiceNow Incidents

The ServiceNow integration enables you to synchronize ServiceNow incidents with corresponding incidents in BigPanda. Incidents are kept up-to-date in both platforms allowing you to continue working in ServiceNow while benefitting from BigPanda’s tools.

Key Features

Bidirectional updates: Changes in either BigPanda or ServiceNow are synchronized within the other platform. By default, information is updated every 15 seconds reducing latency synchronization to less than 5 minutes. As a result, you are provided with an up-to-date view of incidents in near real-time.
Incident resolution and reopening capabilities: You can configure settings so that when an incident is resolved in BigPanda, the corresponding incident is resolved in ServiceNow, and vice-versa. Additionally, you can enable that a reopened BigPanda incident reopens the corresponding ServiceNow incident or creates a new one.
Customization options: Customize the transformation of shared data, and implement custom logic within the ServiceNow workflow. See a full list of optional logic and updating fields in the ServiceNow Incidents - Advanced Customization documentation.
Retry logic: If a request to the ServiceNow API fails, BigPanda will retry up to 6 times with 15 minutes in between each attempt. After 5 attempts, the request is added to the DLQ. If the 6th attempt fails, BigPanda support will be notified.
Note
The ServiceNow integration follows standard AutoShare rules for outbound shares.
Bi-directional sync is time based, and is in addition to the outbound sharing updates.
See Managing Incident Sharing for more information.

Install the BigPanda ServiceNow Integration

To install any of the integration modules, follow the Install the ServiceNow instructions, then configure the module settings.

Configure the Integration in ServiceNow

Application Architecture

BigPanda ServiceNow Application Architecture

Disable Polling Script

In ServiceNow from the left sidebar navigate to BigPanda > Changes > Retrieve Incidents Scheduled Job.
Uncheck the Active box.
Click Update to save your settings.

Configure the Incidents Module

In the ServiceNow application, navigate to BigPanda>Configuration.

In the General section, enter the appropriate keys provided in the BigPanda Console Integration instructions.

Field	Description
Bearer Token	Enter the BigPanda organization key here.
API Key	Enter the BigPanda API key here.
Incidents App Key	Enter the ServiceNow Incidents App Key here. You can obtain it from the BigPanda ServiceNow Incidents integration module.
Change APP Key	Enter the app key for the BigPanda Outbound ServiceNow Change integration
Telemetry Enabled	Select this checkbox to enable exporting logging data in the integration and to receive troubleshooting and diagnostic assistance by BigPanda.
Telemetry Endpoint	Provide a URL for the telemetry option.

Configure the Incidents section.

Incidents Settings

Parameter	Description
Active	Select this checkbox to enable configuring the integration settings.
Assignment Group	A group to which BigPanda assigns new ServiceNow incidents. For example, define “DevOps” as the assignment group.
Caller ID Email	A default email associated with a ServiceNow user calling in the incident. BigPanda searches for the caller’s details and populates the Caller ID field.
Opened By Email	A default email associated with a ServiceNow user who created the incident. BigPanda searches for the user's details and populates the Opened By field.
CMDB CI Field	Provide an alert tag representing the physical server of your system, such as host, hostID, hostname. BigPanda searches for this tag in the payload and defines it as your configuration item. For example, if you define the CMDB CI field as “host” then every time a new BigPanda incident is created, BigPanda searches for the host tag and populates this value in the configuration item field.
Resolved By Email	The email address of the ServiceNow user that resolved the incident.
Primary Alert	A single alert can be defined as the Primary Alert of the BigPanda incident. Provide a list of criteria for the alert you wish to be defined as the Primary Alert. BigPanda searches all alerts according to these values, in an order of preference from left to right, to find the Primary Alert. For example, the following default values: `“status=critical, startedOn”` classifies the Primary Alert as being the oldest alert having a critical status. By default, values are sorted in ascending order, specifying the oldest alerts. If you want the Primary Alert to be the newest alert negate the field name to: `“-startedOn”`. Equality sorting criteria may use wildcards (`*`) when searching for matching values. Alerts are sorted in an order of listed elements. The values: `“Status=critical, status=warning, startedOn”` places all critical status alerts first followed by warning status.
Priority in Short Description	Include the BigPanda priority Incident Tag in a ServiceNow ticket's Short Description
AIA in Short Description	Include the AI-generated Incident Analysis Summary in a ServiceNow ticket's Description
Description Incident Tags	A comma-separated list of BigPanda Incident Tags to include in a ServiceNow ticket's Description
Description Alert Tags	A comma-separated list of BigPanda Alert Tags to include in a ServiceNow ticket's Description
Max alerts in Description	The total number of alerts that can be included in a single ServiceNow ticket's Description
Add BigPanda links to description	Include links to the BigPanda Incident, Preview, and Timeline in a ServiceNow ticket's Description
Add description to work notes	Add BigPanda's standard incident Description in the Work Notes for an incident to allow for other logic in Description
Show UI Action Button to Incident in BP	Add a button in ServiceNow Incident with an anchored link to BigPanda Incident
Show UI Action Button to Incident Timeline in BP	Add a button in ServiceNow Incident with an anchored link to BigPanda Incident Timeline
Resolve ServiceNow Incident	Select this checkbox to automatically resolve ServiceNow incident when a corresponding incident is resolved in BigPanda.
Flapping - Block Resolve	Select this checkbox to block resolution of incidents on ServiceNow if the BigPanda incident is marked as flapping.
Resolve BigPanda Incident	Select this checkbox to automatically resolve the corresponding BigPanda incident when a ServiceNow incident is resolved.
Send Closure Code	Select this checkbox if you want to send closure information about a resolved ServiceNow incident as a comment in the BigPanda incident.
Re-open Resolved	Select this checkbox to enable a ServiceNow incident to be reopened when a BigPanda incident is reopened. Disable if you want to create a new ServiceNow incident when a BigPanda incident is reopened.
Re-open Window	If you enabled the Re-open Resolved field, you can set the timeframe during which the ServiceNow incident can be reopened. Default time window is 30 minutes.
Update Fields	Provide a list of all ServiceNow fields you want to be updated when a ServiceNow incident is created in BigPanda. For example, list the description field as an update field in ServiceNow in order to see the description information provided by BigPanda.
Retrieval Count	The number of BigPanda incidents you want to retrieve at once can be adjusted. Default Retrieval Count is 20.
Retrieval Endpoint	Provide a URL where ServiceNow can retrieve BigPanda incidents.
Callback Endpoint	Provide a URL where ServiceNow can respond to a corresponding BigPanda incident.
Incident Tag Mapping	A table of BigPanda Incident Tags and ServiceNow Incident fields to sync. In the BigPanda Incident Tag field, enter the name of the BigPanda incident tag, matching the case exactly. If you enter an incident tag name that does not match an existing tag in BigPanda, a new tag will be automatically created. Only Text type incident tags are supported In the ServiceNow Incident Field, enter the ServiceNow Incident field that the BigPanda incident tag should map to. The Sync Direction can be BP to SNOW, vice-versa, or bi-directional.
Active	Select this checkbox to enable configuring the integration settings.

For a complete list of available fields, see ServiceNow Advanced Customization.

If you have not been granted Administrator access to the ServiceNow integration system, you can modify the integration through custom headers. To learn more, see Custom Headers.

Configure the Alert Configuration Module

In the ServiceNow application, navigate to BigPanda>Configuration.
In the Alert Processing - Addon section, select Alert Configuration.
Adjust the configuration to fit the needs of downstream teams.

Field	Description
Turn on alert processing and associate alerts to an incident?	Enable alert processing features and configuration. Select Yes to enable all other alert table functionality.
Turn on logging for alert processing to help debugging?	Turn on troubleshooting logs for the alert processing features. To reduce noise, we recommend turning logging on only during testing or troubleshooting.
What alert tag contains the hostname field that should map to the CMDB_CI table for alert bindings?	Enter the name of the BigPanda alert tag that contains the host data.
Use the alert Primary Property for the HOST field to look up CMDB CI alert bindings?	An alternate option to identify the host tag. If Yes is selected the primary property tag will be used as the hostname field.
If hosts are not found in the CMDB, should they be automatically added to the CMDB_CI table and listed as “Pending Install”?	This option adds hosts to the CMDB_CI table for any alert that did not successfully match an existing CMDB_CI record. By default, hosts added to the CMDB through this automation will be labeled with the `Pending Install` status.
What should be the numerical status of new CMDB_CI items (4= “Pending Install”)	If new hosts will be added to the CMDB_CI from unmatched BigPanda alerts, you can use this field to adjust the status of created hosts.
Use the BigPanda View link from the BigPanda activity log in the BigPanda console?	When Yes is selected, the link in the incident activity log will direct to the BigPanda view instead of the standard ServiceNow incident view.
The alert tag that contains the assignment group for mapping alerts or incident tasks to an assignment group?	When a tag is defined, alerts will automatically be assigned to assignment groups based on matched values to ServiceNow assignment groups.
Map a custom tag to the priority field on the alert record? (Used for SLAs and other reporting)	Select Yes if there is a custom alert tag that should define priority. You must define the tag below.
The alert tag name that will be included to create an incident task, the value must be “true”.	Enter a BigPanda alert tag name. If the value sent by that tag is `true`, an incident task will be created for the alert.
What alert tag from BigPanda should represent severity? This will map over to Priority on the BP alert table. Available values are “critical, major, minor, warning, unknown”.	If you selected Yes to map a custom priority tag, enter the BigPanda alert tag name here. The defined tag must send values in the standard BigPanda severity values.
Have you installed the add-on for BigPanda alert tables (BP alerts)? (This add-on requires a table entitlement and cannot be used with ServiceNow Event Management Tables.)	Select Yes to enable the creation of BigPanda alerts in the BP alert table.
Enable the similar incidents tab for the BigPanda incidents view?	Select Yes to generate the Similar Incidents tab in the BigPanda view.
Enable the RCC tab on the BigPanda incidents view?	Select Yes to generate the RCC tab in the BigPanda view.
Parse events into the incident tasks table? (BETA)	Select Yes to generate the Incident Tasks table in the BigPanda view.
Enable AIA descriptions and remove the alert summary?	Select Yes to generate the Automated Incident Analysis tab in the BigPanda view. This will overwrite the existing description field.

In this section: