We have a requirement of integrating DX UIM with servicenow with the priorities listed below.

1. The alert in UIM should be created as an incident in servicenow

2. The incident created in servicenow should be assigned to specific group based on the keyword present in the alert. ex. if alert is on windows server the incident assignment group should be wintel team and if unix, then unix team.

3. When uim is trying to create an incident and if already any incident is active in servicenow then the new incident should not be created rather the worknotes of active incident should be updated.

Release: 20.3

• Guidance

Please use the sdgtw probe to integrate with Service Now.

Please refer to:

Service Desk Gateway (sdgtw)

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/monitoring/extensibility-and-integrations/sdgtw-service-desk-gateway.html 

Release notes: (please review)
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/monitoring/extensibility-and-integrations/sdgtw-service-desk-gateway/sdgtw-service-desk-gateway-release-notes.html 

As of sdgtw 2.20 or higher:

Introduced a new key 'update_incident_message_with_alarm_close_message' which enables you to send the updated alarm close incident messages specified in the 'Work Notes' to its corresponding ticket in Service Now when the alarm is cleared.

There should not be any duplicate incidents created in service now for the same alarm.

See also:

sdgtw: assign alarms to multiple groups using NAS Pre-processing rule
https://knowledge.broadcom.com/external/article/134254