How to enrich an alert with CMDB data after binding the CI?

Fr_d_ric Dhuez
Tera Contributor

Hi Guru!

 

I have a requirement from our business who wants enrich the alerts with CMDB data after the alert binds a CI.

For example, we would like to enrich the alert with the Support Group indicated into the CI impacted by this alert.

I didn't found how to do it from the Alert automation neither other kind of feature...

Is it possible to do it??

 

Thank you

Fred

8 REPLIES 8

Hi Fred,

 

We use the previously mentioned option of setting the assignment group with an alert management rule that triggers a subflow. Since you can set the assignment group via the "evt_mgmt.alert_auto_assignment_field" property, I would recommend using this. You just need to define the value cmdb_ci.support_group and new alerts will get the assignment group set based on the CI support group. You can also use multiple values in case this value is empty, the next value will be used.

 

Another possibility I see are event fields mapping rules. You could create a rule with the mapping type “Assign field (copy field)” that is executed after binding, with the source field “alert_cmdb_ci.support_group” and the target field “assignment_group”. As the rule is executed on every new event as far as I know, I guess the property or alert management rule is more effective.

 

I hope this helps you.

 

Regards,

Björn

Thanks Björn for your answer, I agree that Event Field Mapping rules after binding can be a solution. I'm working on it 😉

Pratiksha
Mega Sage
Mega Sage

if you are just looking for updating the support group information then a simple BR can help. As soon as alert binds with the ci BR can update CI's support group on the alert. 

 

To bind ci to an alert you need to use event rules. 

 

Regards,

Pratiksha

JulieE585484244
Mega Contributor

To enrich an alert with CMDB data after binding a Configuration Item (CI) in ServiceNow, you can leverage Event Rules to map alert data to CI fields and populate additional relevant information, or utilize Business Rules for more complex customizations and logic after the CI binding has occurred. This process enhances alert context, improves operator efficiency, and facilitates more accurate incident response.