Prisma Cloud Alerts opened prior to ServiceNow Integration are not generating ServiceNow tickets after successful Integration

Created On 06/10/22 03:53 AM - Last Modified 06/10/22 04:00 AM


Symptom


  • Alerts are generated and in Open state prior to ServiceNow Integration with Prisma Cloud.
  • Prisma Cloud is successfully integrated with ServiceNow.
  • Alerts generated after the above Integration automatically generate ServiceNow tickets.
  • However, Prisma Cloud Alerts that were Open prior to the ServiceNow Integration are not generating ServiceNow tickets.


Environment


  • Prisma Cloud
  • ServiceNow


Cause


  • Only Prisma Cloud Alerts opened after the successful Integration with ServiceNow will generate ServiceNow tickets.
  • This implies any Alerts opened prior to the ServiceNow Integration with Prisma Cloud will not generate ServiceNow tickets.
  • For Alerts opened prior to the Integration to generate ServiceNow tickets, they need to undergo a Status change in Prisma Cloud (e.g. Open to Resolved).


Resolution


  • This is expected behaviour as per the current product design.
  • If you want ServiceNow to receive tickets for all Open Alerts irrespective of when they were generated (before or after successful Integration), there is an existing Feature Request with no ETA at this time: PANW-I-3798


Additional Information


For an Alert to generate a ServiceNow ticket successfully, ensure the following:

1. Integration with ServiceNow is configured, enabled and tested successfully under Settings > Integrations > Add Integration > ServiceNow.

2. Notification Template is tested successfully for this Integration under Alerts > Notification Templates > Add Notification Template.

3. Alert Rule with the above Notification Template is enabled under Alerts > Alert Rules > Enable Alert Notifications (Get notified when policies are violated by one or more notification channels) > Configure Notifications.

4. Cloud Account Groups and Policy corresponding to the Alert should be enabled in the Alert Rule under Assign Targets and Assign Policies.

5. An existing Alert's Status has changed, or a new Alert has been generated, in Prisma Cloud after the above configuration.

Note: For more information, refer to: Integrate Prisma Cloud with ServiceNow

