Needed permissions and settings to send UIM alarms to the SNOW event table.
Version: Any
Component: sdgtw 2.35+
User connecting to SNOW needs the following permissions in SNOW:
evt_mgmgt_integration
evt_mgmt_user
itil
personalize_dictionary
rest_api_explorer
soap
And in the configuration, you need to select:
Create event instead of incident
Even though the integration works and Events are created in SeviceNow, no custom mapping is available.
Only a few attributes are hard-coded to map to the SNOW:
Node --> alarm Hostname
Source --> alarm origin
Description --> alarm description
There is a hotfix created to map the following:
Node --> alarm Hostname
Source --> UIM
Description --> $hostname $message
additional_information --> Suppression Key: $supp_key probe: $probe message: $message
Please contact Support to request this hotfix (sdgtw-2.3.5-HF1).
Additionally, a new version of the probe is in the works that includes a mapping UI for Events.