Incident creation loop with other call system

Anne Mc
Kilo Expert

We have had an issue over the weekend where a member of staff emailed an external organisation and copied in our Service Desk. When the company replied, they copied in our Service Desk which opened an incident in ServiceNow and sent them a notification. The notification then triggered the company's system to open an incident and send a notification back to our Service Desk, which then opened another incident in our system and sent them a notification. The loop continued until we came in this morning and discovered over 500 incidents had been opened for this company.

We have added a line to our inbound action to temporarily block emails from this company but how have people prevented this happening when you cannot predict the sender or subject? We were thinking that perhaps a business rule could check the number of notifications being sent to unique addresses and trigger an event to send a notification to our team if the count for any address goes over 10 in a couple of hours so we could investigate. Is there a better way of trapping this?

Regards,

Anne.

4 REPLIES

corina
ServiceNow Employee

I don't know whether their system is ServiceNow or not. What I am concerned about is preventing this happening with any organisation's call system irrespective of what type of system it is.



Regards,


Anne.


corina
ServiceNow Employee

Hello Anne.



If it is a SN instance please use the provided article.


Otherwise, email filter on header, filter by the suffix of the company


Email filters


Hi Corina,



As I said in my original post, we have already blocked this particular company. However, we want to prevent the situation where an exchange of notifications between automatic systems results in hundreds of incidents being created in ServiceNow. The problem is that we don't know the email addresses of other companies which may have automatic call systems so cannot specify particular email addresses to block and even if we did, blocking them completely could prevent genuine queries raising incidents. I was hoping someone had come up with a way of detecting when a loop had been created so that it could be flagged up and stopped before it got out of hand.



Regards,


Anne.
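
The following is an added example, not code from any poster in this thread and not ServiceNow API code: a plain JavaScript sketch of sender-independent loop detection that combines the RFC 3834 `Auto-Submitted` header and the conventional `Precedence` header with the per-sender count proposed in the question (more than 10 in two hours). The `LoopGuard` class, the decision strings and the sample headers are hypothetical names and constructed values.

```javascript
// Added example: plain JavaScript, not ServiceNow API code.
const WINDOW_MS = 2 * 60 * 60 * 1000; // "a couple of hours" from the question
const MAX_PER_SENDER = 10;            // threshold suggested in the question

// Parse a raw header block into a lower-cased name -> value map.
function parseHeaders(raw) {
  const headers = {};
  const unfolded = raw.replace(/\r?\n[ \t]+/g, ' '); // join folded lines
  for (const line of unfolded.split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx > 0) {
      headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
    }
  }
  return headers;
}

// True when the sender's system marked the message as machine-generated.
function isAutoGenerated(headers) {
  // RFC 3834: any Auto-Submitted value other than "no" means automatic.
  const auto = (headers['auto-submitted'] || 'no').split(';')[0].trim().toLowerCase();
  if (auto !== 'no') return true;
  // Widely used convention for bulk and auto-reply mail.
  return /^(bulk|junk|list)$/i.test(headers['precedence'] || '');
}

// Tracks recent human-looking mail per sender address.
class LoopGuard {
  constructor() { this.seen = new Map(); } // sender -> timestamps (ms)

  // Returns 'skip-auto', 'hold-rate' or 'create'.
  decide(rawHeaders, nowMs) {
    const h = parseHeaders(rawHeaders);
    if (isAutoGenerated(h)) return 'skip-auto';
    const sender = (h['from'] || '').replace(/^.*<|>.*$/g, '').toLowerCase();
    const recent = (this.seen.get(sender) || []).filter(t => nowMs - t < WINDOW_MS);
    recent.push(nowMs);
    this.seen.set(sender, recent);
    return recent.length > MAX_PER_SENDER ? 'hold-rate' : 'create';
  }
}

// Constructed sample headers (not taken from the thread).
const AUTO_REPLY = 'From: Desk <desk@vendor.example>\r\nAuto-Submitted: auto-replied\r\nSubject: Ticket opened';
const UNMARKED = 'From: desk@vendor.example\r\nSubject: Ticket opened';
```

The header check stops loops with systems that label their notifications; the rate check catches systems that do not, and a `hold-rate` result is the point at which to alert the team rather than create another incident.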