We're working on integrating UPS SNMP traps into ServiceNow Event Management (Yokohama release). The traps are coming in via MID Server and show up as events with Source = “Trap from Enterprise 318” and Resource = “APC.”

We’ve created a Transform and Enrich rule with a working script that extracts key fields from the additional_info object (fields like agent_address, enterprise, generic_trap, specific_trap, etc.).

However, even though the script logs show the parsing works, the event fields like node, type, and severity remain blank after the rule runs. These fields should be populated based on the parsed values, but it’s as if something is overwriting or ignoring them after transformation.

We’ve verified:

• The Transform rule runs and logs values correctly

• The additional_info fields are present and match expected patterns

• Manual field setting via script works — just doesn’t persist

We’re wondering if this is:

• A post-processing step that wipes those values?

• A parser or correlation behavior overwriting the fields?

• Related to field protection in Yokohama?

Has anyone seen similar behavior with SNMP traps or UPS integrations in Yokohama? Any advice or success stories would be hugely appreciated.

Thanks!
– Mark