Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Actions][ServiceNow] Close issue when an alerts resolves #170522

Closed
cnasikas opened this issue Nov 3, 2023 · 2 comments · Fixed by #171760
Closed

[Actions][ServiceNow] Close issue when an alerts resolves #170522

cnasikas opened this issue Nov 3, 2023 · 2 comments · Fixed by #171760
Assignees
@js-jankisalvi
Labels
Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework Team:Endpoint Response Endpoint Response Team

Comments

@cnasikas
Copy link
Member

cnasikas commented Nov 3, 2023
edited
Loading

Summary

A rule with a ServiceNow connector configured will create a new incident to ServiceNow when it triggers. Based on the correlation ID it will either create or update an incident. The framework supports taking different actions based on the state of the alert, triggered or resolved. Some connectors like the PagerDuty already support closing an incident when the alert resolves. We need to support the same for the ServiceNow ITSM connector. We will follow the same pattern followed with PagerDuty.

Example of PagerDuty configured to recover

Screenshot 2023-11-03 at 3 42 08 PM

DoD

  • Create a sub action to allow to close an incident based on the correlation ID through the ServiceNow ITSM action API
  • Let users configure in the UI how the connector will run when the alert recovers

Out of scope

  • Reopen an incident if it is already closed/resolved
  • New context variables
  • No SN incident properties will be modified when the incident is closed other than the incident change of state itself, the close_code, and the close_notes

Related: #83221, #162557
@cnasikas cnasikas added Team:Endpoint Response Endpoint Response Team Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework labels Nov 3, 2023
This was referenced Nov 3, 2023
Open
Open
Open
@heespi
Copy link

heespi commented Nov 3, 2023

Could we call out in the "out of scope" section that no SN incident properties will be modified when the incident is closed other than the incident change of state itself?

@cnasikas
Copy link
Member Author

cnasikas commented Nov 3, 2023

Ok! close_code and close_notes are required fields when closing an incident. I also added them to the DoD.

@cnasikas cnasikas assigned cnasikas and js-jankisalvi and unassigned cnasikas Nov 6, 2023
@js-jankisalvi js-jankisalvi mentioned this issue Nov 27, 2023
Merged
2 tasks
js-jankisalvi added a commit that referenced this issue Dec 1, 2023
@js-jankisalvi @kibanamachine
[Actions][ServiceNow] Allow to close serviceNow incident when alert r…
d31a158 
…esolves (#171760)

## Summary

Fixes: #170522

This PR allows to `close service now incident` when alert is `recovered`

SN connector form shows only `correlation_id` field as it is mandatory
field to close an incident.

![Screenshot 2023-11-27 at 11 52
36](https://github.com/elastic/kibana/assets/117571355/1d722153-f77a-484a-b17b-13489f9d7666)

**How to test:**
- Create a rule and select serviceNow ITSM action with Run when option
as Recovered
- Verify that it closes an incident in SN when Alert is recovered


### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
@shanisagiv1 shanisagiv1 mentioned this issue Dec 13, 2023
Open
@js-jankisalvi js-jankisalvi mentioned this issue Jan 17, 2024
Closed
This was referenced Jan 22, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@js-jankisalvi js-jankisalvi

Labels
Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework Team:Endpoint Response Endpoint Response Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Actions][ServiceNow] Allow to close serviceNow incident when alert resolves js-jankisalvi/kibana
3 participants
@cnasikas @js-jankisalvi @heespi