ServiceNow ITSM Ticket Enrichment Automation - Solution Guide
Overview
ServiceNow is one of the most common ITSM solutions in the market. In this guide, we'll walk through a simple automation use case to help you quickly create an incident and update a ServiceNow ITSM ticket with additional information.
Modern information technology impacts every part of an organization, managing countless tasks and processes. Businesses rely on ServiceNow IT Service Management (ITSM) to coordinate these efforts and deliver customer value.
The Ansible Automation Platform for ServiceNow solution creates "closed-loop" automation between ServiceNow ITSM and Ansible Automation Platform workflows, eliminating the need for manual intervention. The Red Hat Ansible Certified Content Collection for ServiceNow enables Ansible automation workflows to open, close, and update service requests, incidents, problems, and change requests directly within ServiceNow.
With Ansible Automation Platform, you can collect information from existing service tickets, open and close service tickets, and enrich those tickets with data collected across your IT infrastructure. In the following example, we will use a CVE example using our Linux infrastructure.
Let's get started.
Operational impact: None
Business value drivers
- Reduced downtime
- Increased productivity
- Improved customer experience
Technical value drivers
- Greater context to guide incident response
- Improved service ticket resolution times
- Enforcement to configuration policies and system hardening
Prerequisites
This guide assumes a working knowledge of ServiceNow ITSM, as well as YAML, Ansible Playbooks, the Ansible VS Code extension, execution environments, Ansible navigator, and Git. If these concepts are less familiar to you, we strongly recommend the Ansible Basics: Automation Technical Overview course and/or these learning paths:
- Foundations of Ansible
- Get started with Ansible Playbooks
- Get started with the Ansible VS Code extension
- Building an execution environment
- Self-paced lab: Get started with Ansible navigator
- Self-paced lab: Get started with Ansible builder
Also recommended:
- Interactive lab: Get started with ServiceNow automation
- Video: Hands-on with servicenow.itsm collection for Ansible Automation Platform
Featured Ansible Content Collections
- Red Hat Certified Content Collection for ServiceNow ITSM
- You will also need to download and install the API for Red Hat Ansible Automation Platform Certified Content Collection. Please refer to the Installation Guide from the ServiceNow store.
The Ansible Content Collections referenced in this guide can be found in the Red Hat Hybrid Cloud Console, which is available to current subscribers. Not currently an Ansible Automation Platform customer? Sign up for a free 60-day trial.
Ansible / Ansible Automation Platform features used:
- Ansible Playbooks
- Ansible builder / execution environments
- Ansible navigator
- Automation hub
- Automation job templates
Other:
- Github
Step 1: Gather data from your ITSM
- To retrieve information from service tickets on ServiceNow that could be used in your automation or for simple data gathering, we will use the Ansible Certified Content Collection for ServiceNow.
- Create a playbook to gather facts about your ServiceNow ticket:
---
- name: Retrieve ServiceNow ticket details
hosts: localhost
gather_facts: no
vars:
ticket_number: "{{ ticket }}”
tasks:
- name: Retrieve incidents by number
servicenow.itsm.incident_info:
instance:
host: "{{ servicenow_instance }}"
username: "{{ servicenow_username }}"
password: "{{ servicenow_password }}"
number: "{{ ticket_number }}"
register: result
delegate_to: localhost
- name: print
debug:
msg: "{{ result }}"
ServiceNow inventory fact gathering playbook
-
Create a job template using your ServiceNow instance information gathering playbook. Save your job template as "Collect ticket information" then select "Launch" to run the template.
-
This playbook can be extended by using the ansible.builtin.set_fact module to allocate relevant data into ansible variables or the ansible.builtin.set_stats to allow for the data to persist between templates in an automation workflow.
Step 2: Create a service ticket
- Create another Ansible Playbook using the servicenow.itsm.incident module to create a service ticket within your ServiceNow ITSM.
---
- name: Create Service Ticket
hosts: localhost
gather_facts: no
vars:
SN_HOST: "{{ lookup('env', 'SN_HOST') }}"
SN_USERNAME: "{{ lookup('env', 'SN_USERNAME') }}"
SN_PASSWORD: "{{ lookup('env', 'SN_PASSWORD') }}"
tasks:
- name: Create Ticket
servicenow.itsm.incident:
instance:
host: "{{ SN_HOST }}"
username: "{{ SN_USERNAME }}"
password: "{{ SN_PASSWORD }}"
state: New
caller: Admin
impact: low
urgency: low
register: ticket_details
delegate_to: localhost
- name: print
debug:
msg: "{{ result }}"
ServiceNow create ticket playbook
-
Create a job template using your ServiceNow ticket creation playbook.
-
Save your job template as "Create ServiceNow Ticket" then select "Launch" to run the template.
-
NOTE: You can combine the 2 job templates into a simple automation workflow to both create a ticket then gather information for that ticket.
Step 3: Enrich a ServiceNow ticket
-
Using Ansible’s ability to operate across multiple technology domains and gather information, or using the ansible.builtin.uri module to interact with an API, we can write a playbook that utilizes those modules to enrich our tickets.
-
In this example, we will reference Red Hat Insights to gather information about one of our systems and the details of a CVE that has been detected on the system. We will utilize the API module from Ansible to query Red Hat Insights, then use the ServiceNow incident modules to create a service ticket with the relevant data.
---
- name: Gather CVE Details
hosts: localhost
gather_facts: false
vars:
advisory_id:
rhsm_username:
rhsm_password:
SN_HOST: "{{ lookup('env', 'SN_HOST') }}"
SN_USERNAME: "{{ lookup('env', 'SN_USERNAME') }}"
SN_PASSWORD: "{{ lookup('env', 'SN_PASSWORD') }}"
tasks:
- name: EDA | Insights | Retrieve related CVEs from Advisories
ansible.builtin.uri:
url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}/systems?page=1&perPage=20&sort=-last_upload&offset=0&limit=20"
method: GET
url_username: "{{ rhsm_username }}"
url_password: "{{ rhsm_password }}"
force_basic_auth: true
status_code: 200
register: cves_list
- name: Gather CVE details
ansible.builtin.uri:
url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}"
method: GET
url_username: "{{ rhsm_username }}"
url_password: "{{ rhsm_password }}"
force_basic_auth: true
status_code: 200
register: cve_details
- name: Extract type
ansible.builtin.set_fact:
cve_type: "{{ cve_details.json.data.attributes.advisory_type_name }}"
cves_description: "{{ cve_details.json.data.attributes.description }}"
solution: "{{ cve_details.json.data.attributes.solution }}"
cves: "{{ cve_details.json.data.attributes.cves }}"
- name: Create incident
servicenow.itsm.incident:
instance:
host: "{{ SN_HOST }}"
username: "{{ SN_USERNAME }}"
password: "{{ SN_PASSWORD }}"
state: new
caller: "{{ SN_USERNAME }}"
short_description: New Advisory CVE Type - "{{ cve_type }}"
description: |
Alert Type: "{{ cve_type }}" CVE: "{{ cves }}"
CVE Description: "{{ cves_description }}"
Possible Solution: "{{ solution }}"
urgency: high
register: new_incident
ServiceNow ticket enrichment playbook
-
Create a job template using your CVE enrichment ticket playbook. Save your job template as "Enrich CVE ticket".
-
We can also add a survey to the template to capture a user's input. In this example, we will submit the CVE advisory number. Then select “Launch” and provide the advisory from Red Hat Insights to create an enriched service ticket.
-
Review the ticket within ServiceNow:
Next steps
Once you're comfortable using Ansible Automation Platform for these ServiceNow ITSM tasks, we recommend exploring additional use cases like updating your CMDB, attaching reports or files to an incident, and integrating your monitoring and observability tools with Event-Driven Ansible for even greater IT efficiency.
- Self-paced lab: Getting started with ServiceNow ITSM automation
- Self-paced labs: [Getting started with Event-Driven Ansible])https://www.redhat.com/en/interactive-labs/ansible#event-driven-ansible)
You can also integrate ServiceNow automation into other automation workflows for networking, AIOps, infrastructure, and more.
Comments