ServiceNow Inbound Integration

With the ilert ServiceNow integration, you can create alerts in ilert based on ServiceNow tickets or sync alert updates back to ServiceNow
ServiceNow is a platform-as-a-service (PaaS) provider of enterprise Service Management (SM) software.

In ilert: Create a ServiceNow alert source

  1. 1.
    Go to the "Alert sources" tab and click Create new alert source
  2. 2.
    Enter a name and select your desired escalation policy. Select "ServiceNow" as the Integration Type and click on Save.
  1. 1.
    On the next page, a ServiceNow URL is generated. You will need this URL below when setting up the hook in ServiceNow.

In ServiceNow: Create a business rule

  1. 1.
    Go to ServiceNow, search for Incidents, **then open the header menu and choose Configure -> Business Rules**
  1. 1.
    In the Business Rules view click on New to create a new business rule
  1. 1.
    Name the business rule e.g. ilert Alerts, choose Advanced option, in the When to run section choose async then choose Insert and Update options
  1. 1.
    Go to Advanced tab and paste the following code into the script section:
(function executeRule(current, previous /*null when async*/) {
var iLertUrl = "<your alert source URL here>";
function glideRecordToJson(gr) {
var obj = {};
for (var prop in gr) {
if (gr[prop]){
obj[prop] = gr.getValue(prop);
return obj;
var obj = glideRecordToJson(current);
obj.server_url = gs.getProperty("glide.servlet.uri");
var body = JSON.stringify(obj);
var request = new sn_ws.RESTMessageV2();
request.setRequestHeader("Accept", "application/json");
request.setRequestHeader("Content-Type", "application/json");
var response = request.execute();
})(current, previous);
  1. 1.
    Click on Submit or Update to save the business rule

ServiceNow Incident Lifecycle

When I create an ServiceNow ticket with status...
...then an ilert Alert...
is created
In Progress or Complete or Closed
will not be created and a
400 (bad request) error occurs
When I update an ServiceNow ticket with status...
...and the ilert alert...
...then the/an ilert Alert...
does not exist
is created
In Progress or Complete or Closed
does not exist
will not be created and a
400 (bad request) error occurs
doesn't change
Complete or Closed
change status to Resolved if not already resolved
In Progress
change status to Accepted if not already accepted

Advanced configuration

ilert's ServiceNow integration allows you to easily configure advanced settings such as dynamic escalation policy routing and priority mapping.
To get access to the advanced features, you will have to provide access credentials to your ServiceNow instance first. The provided user will need the following permissions in ServiceNow:
  • sys_user
  • sys_user_group
  • cmdb_ci_service
  • service_offering
  • sys_choice
  • sys_dictionary
This will grant you access to:

Dynamic priority mapping

When selecting priority mapping, ilert will contact your ServiceNow instance and fetch all available priorities of ServiceNow alerts. You will then be able to choose a mapping for each of these and determine how ilert will treat them when creating alerts in ilert.

Dynamic escalation policy routing

When selecting escalation policy routing, ilert will contact your ServiceNow instance and fetch all available alert fields. You will then be able to choose an alert field that should be used for incoming alerts in ilert to determine the routing key.
You may choose to give escalation policies in ilert a unique routing key.
With an incoming event ilert will try to find the right escalation policy based on the routing key and assign the alert to the escalation policy. If no routing key is provided, ilert will use the assigned escalation policy of the alert source.

Bidirectional alert synchronisation

When providing credentials you may choose to activate bidirectional mode on the ServiceNow alert sources. This will cause your alert source to be automatically linked with an outbound connector and alert action. This way status changes to ilert alerts will synchronize to ServiceNow tickets.
When saving the ServiceNow alert source with the bidirectional setting enabled, it will automatically create an outbound connector for you and take you to the creation page of the necessary alert action, please make sure to continue with the setup of the action to finish your bidirectional alert source setup.

Good to know

In the bidirectional setup, ilert will try to map users automatically (if Caller ID in alert action is left empty) based on their email address. This accounts for actions taken in ilert and synced back to ServiceNow, as well as actions taken in ServiceNow and send to ilert.
Remember to leave the Caller ID field in the alert action empty for automated user mapping to work properly
When providing a comment to the alert in ilert while resolving it, ilert will make sure sync the comments content as resolve information to the alert in ServiceNow.

Understanding ServiceNOW <-> ilert flows

This refers to the bidirectional setup
Synchronously mapping the the ServiceNOW ticket/incident lifecycle to the immutable lifecycle of an ilert alert, is not a simple back and forth. The connector runs a lot of state comparisons to identify if a ticket/incident update is needed based on the latest change event of an alert.
Incoming event
State check
Outgoing change operation
New (1) ticket event from ServiceNOW
If alert does not exist, it is created, otherwise the event is dropped (even if the corresponding alert for the ticket is in RESOLVED state) this is determined based on the sys_id of the ticket
Nothing, except if the priority or assignment of the alert differs from the original ticket status e.g. through configurations of the alert source or escalation policy
In Progress (2) or Complete/Resolved (6) or Closed (7) ticket update from ServiceNOW
If the alert does not exist, the event is dropped, otherwise: status -> transition priority -> raise assignment -> re-routing Operations might occur
Usually there should be no outbound event triggered through this change, however a re-route operation will likely trigger an asynchronous escalation or more as follow up events
Responder re-routes through ilert
A different escalation policy is assigned and escalation is restarted
If assignmentGroup or similar mappings are configured and they differ due to the changed routingKey of the assigned escalation policy the ticket will be updated
Responder accepts through ilert
Alert is accepted
If the ticket is not yet accepted, the status will be updated to In Progress if
Responder raises priority through ilert
Alert's priority is raised from LOW to HIGH and escalation of the assigned policy is triggered
Depending on the ticket's priority it is updated and
Responder adds a comment
Comment is added to alert
The comment is added to the ticket's notes
Automated escalation of alert in ilert
Reaching the next escalation level, might add new responders to the alert
This might assign the ticket to a different user
Responder resolves through ilert
Alert is resolved
If the ticket is not yet in status Complete/Resolved (6), Closed (7) or Canceled (8) it will be updated


Will alerts in ilert be resolved automatically?
Can I connect ServiceNow with multiple alert sources from ilert?
Yes, simply create more business rules in ServiceNow.