ServiceNow ITSM Ticket Enrichment Automation - Solution Guide

Overview

ServiceNow is one of the most common ITSM solutions in the market. In this guide, we'll walk through a simple automation use case to help you quickly create an incident and update a ServiceNow ITSM ticket with additional information.

Modern information technology impacts every part of an organization, managing countless tasks and processes. Businesses rely on ServiceNow IT Service Management (ITSM) to coordinate these efforts and deliver customer value.

The Ansible Automation Platform for ServiceNow solution creates "closed-loop" automation between ServiceNow ITSM and Ansible Automation Platform workflows, eliminating the need for manual intervention. The Red Hat Ansible Certified Content Collection for ServiceNow enables Ansible automation workflows to open, close, and update service requests, incidents, problems, and change requests directly within ServiceNow.

With Ansible Automation Platform, you can collect information from existing service tickets, open and close service tickets, and enrich those tickets with data collected across your IT infrastructure. The following example works through a CVE use case on our Linux infrastructure.

Let's get started.

Operational impact: None

Business value drivers

  • Reduced downtime
  • Increased productivity
  • Improved customer experience

Technical value drivers

  • Greater context to guide incident response
  • Improved service ticket resolution times
  • Enforcement of configuration policies and system hardening

Prerequisites

This guide assumes a working knowledge of ServiceNow ITSM, as well as YAML, Ansible Playbooks, the Ansible VS Code extension, execution environments, Ansible navigator, and Git. If these concepts are less familiar to you, we strongly recommend the Ansible Basics: Automation Technical Overview course and/or these learning paths:

Featured Ansible Content Collections

The Ansible Content Collections referenced in this guide can be found in the Red Hat Hybrid Cloud Console, which is available to current subscribers. Not currently an Ansible Automation Platform customer? Sign up for a free 60-day trial.

Ansible / Ansible Automation Platform features used:

  • Ansible Playbooks
  • Ansible builder / execution environments
  • Ansible navigator
  • Automation hub
  • Automation job templates

Other:

  • GitHub

Step 1: Gather data from your ITSM

ServiceNow ITSM collection

  • Create a playbook to gather facts about your ServiceNow ticket:
---
- name: Retrieve ServiceNow ticket details
  hosts: localhost
  gather_facts: no


  vars:
    ticket_number: "{{ ticket }}"

  tasks:
   - name: Retrieve incidents by number
     servicenow.itsm.incident_info:
      instance:
       host: "{{ servicenow_instance }}"
       username: "{{ servicenow_username }}"
       password: "{{ servicenow_password }}"
      number: "{{ ticket_number }}"
     register: result
     delegate_to: localhost


   - name: print
     debug:
      msg: "{{ result }}"

ServiceNow inventory fact gathering playbook

  • Create a job template using your ServiceNow instance information gathering playbook. Save your job template as "Collect ticket information" then select "Launch" to run the template.

  • This playbook can be extended with the ansible.builtin.set_fact module to store relevant data in Ansible variables, or with the ansible.builtin.set_stats module so that the data persists between job templates in an automation workflow.
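
One way to extend the fact-gathering playbook as described above (an added example, not part of the original guide). It assumes the SN_HOST, SN_USERNAME and SN_PASSWORD environment variables used in Step 2; the incident_* variable names are illustrative.

```yaml
---
- name: Collect ticket information and pass it to later workflow nodes
  hosts: localhost
  gather_facts: false

  vars:
    # 'ticket' arrives as an extra var (survey or an upstream workflow node)
    ticket_number: "{{ ticket }}"

  tasks:
    - name: Retrieve incident by number
      servicenow.itsm.incident_info:
        instance:
          host: "{{ lookup('env', 'SN_HOST') }}"
          username: "{{ lookup('env', 'SN_USERNAME') }}"
          password: "{{ lookup('env', 'SN_PASSWORD') }}"
        number: "{{ ticket_number }}"
      register: result

    # An unknown ticket number returns an empty list rather than an error,
    # so fail here instead of on an index error in the next task.
    - name: Stop unless exactly one incident matched
      ansible.builtin.assert:
        that:
          - result.records | length == 1
        fail_msg: "Expected one incident for {{ ticket_number }}, found {{ result.records | length }}"

    # set_fact keeps the values for the rest of this playbook run only
    - name: Keep only the fields later tasks need
      ansible.builtin.set_fact:
        incident_sys_id: "{{ result.records[0].sys_id }}"
        incident_state: "{{ result.records[0].state }}"
        incident_summary: "{{ result.records[0].short_description }}"

    # set_stats hands the values to the next job template in the workflow
    - name: Persist the fields for the next job template
      ansible.builtin.set_stats:
        data:
          incident_number: "{{ ticket_number }}"
          incident_sys_id: "{{ incident_sys_id }}"
          incident_state: "{{ incident_state }}"
          incident_summary: "{{ incident_summary }}"
```

The same set_stats pattern lets the ticket creation playbook in Step 2 publish the new incident number as `ticket` for this template to consume.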

Step 2: Create a service ticket

  • Create another Ansible Playbook using the servicenow.itsm.incident module to create a service ticket within your ServiceNow ITSM.
---
- name: Create Service Ticket
  hosts: localhost
  gather_facts: no

  vars:
   SN_HOST: "{{ lookup('env', 'SN_HOST') }}"
   SN_USERNAME: "{{ lookup('env', 'SN_USERNAME') }}"
   SN_PASSWORD: "{{ lookup('env', 'SN_PASSWORD') }}"

  tasks:


   - name: Create Ticket
     servicenow.itsm.incident:
      instance:
       host: "{{ SN_HOST }}"
       username: "{{  SN_USERNAME }}"
       password: "{{ SN_PASSWORD }}"
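      state: new
      caller: Admin
      # The module requires short_description when the incident does not exist yet (sample text)
      short_description: Ticket created by Ansible Automation Platform
      impact: low
      urgency: low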
     register: ticket_details
     delegate_to: localhost


   - name: print
     debug:
      msg: "{{ ticket_details }}"

ServiceNow create ticket playbook

  • Create a job template using your ServiceNow ticket creation playbook.

  • Save your job template as "Create ServiceNow Ticket" then select "Launch" to run the template.

  • NOTE: You can combine the 2 job templates into a simple automation workflow to both create a ticket then gather information for that ticket.

Step 3: Enrich a ServiceNow ticket

  • Using Ansible’s ability to operate across multiple technology domains and gather information, or using the ansible.builtin.uri module to interact with an API, we can write a playbook that utilizes those modules to enrich our tickets.

  • In this example, we will query Red Hat Insights for information about one of our systems and the details of a CVE that has been detected on it. We will use the ansible.builtin.uri module to call the Red Hat Insights API, then use the ServiceNow incident module to create a service ticket with the relevant data.

---
- name: Gather CVE Details
  hosts: localhost
  gather_facts: false


  vars:
   advisory_id:   # supplied at launch through the job template survey
   rhsm_username:
   rhsm_password:
   SN_HOST: "{{ lookup('env', 'SN_HOST') }}"
   SN_USERNAME: "{{ lookup('env', 'SN_USERNAME') }}"
   SN_PASSWORD: "{{ lookup('env', 'SN_PASSWORD') }}"


  tasks:


     - name: EDA | Insights | Retrieve related CVEs from Advisories
       ansible.builtin.uri:
        url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}/systems?page=1&perPage=20&sort=-last_upload&offset=0&limit=20"
        method: GET
        url_username: "{{ rhsm_username }}"
        url_password: "{{ rhsm_password }}"
        force_basic_auth: true
        status_code: 200
       register: cves_list


     - name: Gather CVE details
       ansible.builtin.uri:
        url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}"
        method: GET
        url_username: "{{ rhsm_username }}"
        url_password: "{{ rhsm_password }}"
        force_basic_auth: true
        status_code: 200
       register: cve_details


     - name: Extract type
       ansible.builtin.set_fact:
        cve_type: "{{ cve_details.json.data.attributes.advisory_type_name }}"
        cves_description: "{{ cve_details.json.data.attributes.description }}"
        solution: "{{ cve_details.json.data.attributes.solution }}"
        cves: "{{ cve_details.json.data.attributes.cves }}"

     - name: Create incident
       servicenow.itsm.incident:
        instance:
          host: "{{ SN_HOST }}"
          username: "{{ SN_USERNAME }}"
          password: "{{ SN_PASSWORD }}"
        state: new
        caller: "{{ SN_USERNAME }}"
        short_description: New Advisory CVE Type - "{{ cve_type }}"
        description: |

           Alert Type: "{{ cve_type }}"  CVE:  "{{ cves }}"


           CVE Description: "{{ cves_description }}"


           Possible Solution: "{{ solution }}"
        urgency: high
       register: new_incident

ServiceNow ticket enrichment playbook

  • Create a job template using your CVE enrichment ticket playbook. Save your job template as "Enrich CVE ticket".

  • We can also add a survey to the template to capture a user's input. In this example, we will submit the CVE advisory number. Then select “Launch” and provide the advisory from Red Hat Insights to create an enriched service ticket.

  • Review the ticket within ServiceNow:

Incident in ServiceNow
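
Because the survey value is placed directly into the Insights API URL, it is worth checking it before the request is made. The tasks below are an added example, not part of the original guide: they accept only values shaped like a Red Hat advisory ID and confirm the response contains the attributes the ticket uses. The sample advisory ID is constructed, and rhsm_username and rhsm_password are assumed to be supplied as in the playbook above.

```yaml
---
- name: Validate the surveyed advisory ID before it reaches the Insights URL
  hosts: localhost
  gather_facts: false

  vars:
    # Constructed sample; the job template survey normally supplies this.
    advisory_id: "RHSA-2024:0001"
    # rhsm_username / rhsm_password are expected from extra vars or a
    # credential, as in the guide's playbook.

  tasks:
    - name: Accept only values shaped like a Red Hat advisory ID
      ansible.builtin.assert:
        that:
          - advisory_id is string
          - "advisory_id is match('^RH[SBE]A-[0-9]{4}:[0-9]+$')"
        fail_msg: "advisory_id must look like RHSA-2024:0001"
        quiet: true

    - name: Gather advisory details
      ansible.builtin.uri:
        url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}"
        method: GET
        url_username: "{{ rhsm_username }}"
        url_password: "{{ rhsm_password }}"
        force_basic_auth: true
        status_code: 200
      register: cve_details

    # Fail with a clear message instead of creating a half-empty incident
    - name: Confirm the response carries the fields the ticket uses
      ansible.builtin.assert:
        that:
          - cve_details.json.data.attributes.advisory_type_name is defined
          - cve_details.json.data.attributes.description is defined
          - cve_details.json.data.attributes.solution is defined
          - cve_details.json.data.attributes.cves is defined
        fail_msg: "Insights response for {{ advisory_id }} is missing expected attributes"
```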

Next steps

Once you're comfortable using Ansible Automation Platform for these ServiceNow ITSM tasks, we recommend exploring additional use cases like updating your CMDB, attaching reports or files to an incident, and integrating your monitoring and observability tools with Event-Driven Ansible for even greater IT efficiency.

You can also integrate ServiceNow automation into other automation workflows for networking, AIOps, infrastructure, and more.
