| Action | Description |
|---|---|
| Create New Incident from | Run this action to generate a new ServiceNow incident for an alarm This action is available when you launch a response action directly for an existing alarm |
| Create New Incident from | Run this action to generate a new ServiceNow incident for a vulnerability This action is available only when you launch a response action directly for an existing vulnerability |
| Create New Incident from | Run this action to generate a new ServiceNow incident for an event This action is available only when you launch a response action directly for an existing event |
| Create New Incident from Orchestration Rule | Run this action to generate a new ServiceNow incident for future events that match your criteria This action is available only when you launch a response action in an orchestration rule |
| Create a change request | Run this action from an alarm or investigation to generate a change request in ServiceNow |
| Update Alarm Status | Run this action to update the status of an alarm |
| Pull Events | Run this action to pull events from ServiceNow |
Before launching a ServiceNow response action or creating a ServiceNow response action rule, the BlueApp for ServiceNow must be enabled and connected to your ServiceNow instance. See Configuring the BlueApp for ServiceNow for more information.
- In USM Anywhere, go to Data Sources > BlueApps.
- Click the Available Apps tab.
- Search for the BlueApp, and then click the tile.
- Click the Actions tab to display information for the supported actions.
- Click the History tab to display information about the executed orchestration actions.
Launch Actions from USM Anywhere
You can launch an action directly from alarms, events, or vulnerabilities. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from the action applied to an alarm, event, or vulnerability.To launch a ServiceNow response action for an alarm, event, or vulnerability
To launch a ServiceNow response action for an alarm, event, or vulnerability
- Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
- Click the alarm, event, or vulnerability to open the details.
-
Click Select Action.
-
In the Select Action dialog box, select the ServiceNow tile.
This displays the options for the selected response app. The App Action is set automatically according to the item type.
- (Optional.) If you have more than one USM Anywhere Sensor configured for the BlueApp for ServiceNow, use the Select Sensor option to set the sensor that you want to use for the action.
-
Set Service Desk as the Incident Type.
-
(Optional.) Modify the description information for the new incident.
The BlueApp populates these fields automatically from information in the alarm, event, or vulnerability; however, you can add your own static text in these fields if needed:
- Short Description: This field contains the subject for the new incident. By default, the BlueApp populates the name of the alarm, event, or vulnerability.
- Description: This field contains information used to respond to the incident. By default, the BlueApp populates the information according to the item type and provides the source and destination. You might choose to include additional comments here, such as suggestions for the incident response handling.
- Click Run.