Prisma Cloud Alerts opened prior to ServiceNow Integration are not generating ServiceNow tickets after successful Integration
Created On 06/10/22 03:53 AM - Last Modified 06/10/22 04:00 AM
Symptom
- Alerts are generated and in Open state prior to ServiceNow Integration with Prisma Cloud.
- Prisma Cloud is successfully integrated with ServiceNow.
- Alerts generated after the above Integration automatically generate ServiceNow tickets.
- However, Prisma Cloud Alerts that were Open prior to the ServiceNow Integration are not generating ServiceNow tickets.
Environment
- Prisma Cloud
- ServiceNow
Cause
- Only Prisma Cloud Alerts opened after the successful Integration with ServiceNow will generate ServiceNow tickets.
- This implies any Alerts opened prior to the ServiceNow Integration with Prisma Cloud will not generate ServiceNow tickets.
- For the prior Alerts to generate ServiceNow tickets, they need to undergo a Status change in Prisma Cloud (e.g., Open to Resolved).
Resolution
- This is expected behaviour, as per the current product design.
- If you want ServiceNow to receive tickets for all Open Alerts irrespective of when they were generated (before or after successful Integration), there is an existing Feature Request with no ETA at this time: PANW-I-3798
Additional Information
For an Alert to generate a ServiceNow ticket successfully, ensure the following:
1. Integration with ServiceNow is configured, enabled and tested successfully under Settings > Integrations > Add Integration > ServiceNow.
2. Notification Template is tested successfully for this Integration under Alerts > Notification Templates > Add Notification Template.
3. Alert Rule with the above Notification Template is enabled under Alerts > Alert Rules > Enable Alert Notifications (Get notified when policies are violated by one or more notification channels) > Configure Notifications.
4. Cloud Account Groups and Policy corresponding to the Alert should be enabled in the Alert Rule under Assign Targets and Assign Policies.
5. An existing Alert's Status changed, or a new Alert was generated, in Prisma Cloud after the above configuration.
Note: For more information, refer to Integrate Prisma Cloud with ServiceNow.