Prisma Cloud: How to Auto create a new ServiceNow incident when Alert state changes from Resolved to Open

Prisma Cloud: How to Auto create a new ServiceNow incident when Alert state changes from Resolved to Open

4102
Created On 07/13/22 17:43 PM - Last Modified 04/17/24 19:23 PM


Objective


If a policy has already triggered an open alert that gets resolved, then this existing alert will not retrigger into ServiceNow. Unless you configure it to do so through the notification template.

Also, Prisma cloud will not import previously opened alerts into ServiceNow as new incidents. 

Environment


  • Prisma Cloud
  • Integration- ServiceNow

Procedure


  1. Checkbox- Auto create a new ServiceNow incident when Alert state changes from Resolved to Open. The same alert ID will trigger a new incident in ServiceNow once this box is checked. 
GUI Path: Settings > Integrations & Notifications > Add Notification Template > Add Template Details
Screenshot 2024-04-17 at 3.16.15 PM.png
  1. Make sure your notification template is attached to an alert rule. 
GUI Path: Alerts > Add Alert Rule > Step 4. Configure Notifications > Add ServiceNow template
Screen Shot 2022-07-15 at 5.18.13 PM.png
 
 

Additional Information


How to integrate ServiceNow with Prisma Cloud documentation here
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqW9CAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language