Set Security Incident Severity from the Severity of the ServiceNow Alert

kyles
Kilo Contributor

I am utilizing an Alert Management Rule (copied the OOB 'create a security incident for critical alerts' and adjusted the Alert filter) to create Security Incidents. We use the Severity from the Security Incident to trigger our SLA definitions. How do I copy the Severity setting from the Alert (em_alert) table so it reflects in the Security Incident? It always seems to go to the Default Severity of 2-Medium. The subflows applied to the Alert Management rule are 'Acknowledge Alert' and 'Create Task (legacy)'.


Eric Feron
Moderator

Hello @kyles , have you resolved your issue?

Thank you.

kyles
Kilo Contributor

Eric,

I have not resolved the issue yet. I am now trying to see how to write a reference field from the Security Incident form to the Alert Severity field. I am not sure what table that would reside in, if it is the Alert (em_table) or some other reference table. I am looking to have a javascript run to put the value of the Severity field set to the Alert number that triggered the Security Incident.


Kyle

Hi Kyles,

What are you trying? Can you explain a bit?

Thanks,
Ashutosh

kyles
Kilo Contributor

Ashutosh, 

We had tried several things (unsuccessfully), but I am wondering if I explain what I am trying to do in a different way, maybe you or someone else will suggest what I should try next.

We use the Severity level in our reporting and SLA metrics. We currently use Splunk to send events to ServiceNow using the App. We also receive emails from our DLP solution; for those we currently have Inbound email rules which create Events, which become Alerts, and set the Alert Severity. Due to not being able to apply SLA definitions to Events/Alerts, we are going to have the Alerts trigger Security Incidents. Since we have the Alert Severity configured for all incoming events to ServiceNow, we would like to take the value assigned to the Severity of the Alert and either put that value into a custom field on the Security Incident or change the Security Incident Severity to the correct value. Basically, if the Alert Severity is Minor then the Security Incident should be Low; Major to Medium, and Critical to High.

When looking to use a reference field, I don't want to be given the option to select the severity, I want to be presented what the Alert Severity value is set to.


I hope this better description of my project will help. I appreciate the time you have taken to assist me.
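One way to express the mapping kyles describes in script, as an added example that is not code from this thread, from the poster, or from ServiceNow: a pure severity-mapping function plus a small wrapper that copies the mapped value from an alert record onto a security incident record through getValue/setValue, which a real GlideRecord provides. It assumes the out-of-box em_alert severity choice values (0 Clear, 1 Critical, 2 Major, 3 Minor, 4 Warning, 5 Info) and the sn_si_incident severity values (1 High, 2 Medium, 3 Low); the fakeRecord stand-in and the alert numbers are constructed so the code runs outside ServiceNow, and how the security incident links back to its alert is left to the caller.

```javascript
// Added example for this thread, not code from the poster or from ServiceNow.
// Maps em_alert severity -> sn_si_incident severity (Minor -> Low,
// Major -> Medium, Critical -> High). Choice values are kept as the strings
// that GlideRecord.getValue() returns.

// em_alert severity choice values (assumed to match the out-of-box choice list).
const ALERT_SEVERITY = {
  CLEAR: "0",
  CRITICAL: "1",
  MAJOR: "2",
  MINOR: "3",
  WARNING: "4",
  INFO: "5",
};

// sn_si_incident severity choice values (the thread names "2-Medium" as the default).
const SI_SEVERITY = { HIGH: "1", MEDIUM: "2", LOW: "3" };

// Fallback for alert severities with no explicit mapping. Assumption: keep the
// platform default the poster already sees rather than silently raising severity.
const DEFAULT_SI_SEVERITY = SI_SEVERITY.MEDIUM;

// The mapping spelled out in the thread. Clear, Warning and Info are not
// listed, so they fall through to DEFAULT_SI_SEVERITY; extend this table if
// your inbound email rules assign those values.
const ALERT_TO_SI = {
  [ALERT_SEVERITY.CRITICAL]: SI_SEVERITY.HIGH,
  [ALERT_SEVERITY.MAJOR]: SI_SEVERITY.MEDIUM,
  [ALERT_SEVERITY.MINOR]: SI_SEVERITY.LOW,
};

function mapAlertSeverity(alertSeverity) {
  // GlideRecord values arrive as strings; tolerate numbers, null and whitespace.
  const key = String(alertSeverity == null ? "" : alertSeverity).trim();
  return Object.prototype.hasOwnProperty.call(ALERT_TO_SI, key)
    ? ALERT_TO_SI[key]
    : DEFAULT_SI_SEVERITY;
}

// Copy the mapped severity from an alert record onto a security incident
// record. Both arguments only need getValue/setValue, which a GlideRecord has,
// so this can be called from a Business Rule or a Flow script step once the
// em_alert that spawned the incident has been looked up (how that link is
// stored depends on your rule/subflow; no field name is assumed here).
// Returns the severity value that was applied.
function syncSeverityFromAlert(incident, alert) {
  const mapped = mapAlertSeverity(alert.getValue("severity"));
  if (incident.getValue("severity") !== mapped) {
    incident.setValue("severity", mapped);
  }
  return mapped;
}

// Constructed stand-in for GlideRecord so the example runs outside ServiceNow.
function fakeRecord(fields) {
  const data = Object.assign({}, fields);
  return {
    getValue: (f) => (data[f] == null ? "" : String(data[f])),
    setValue: (f, v) => { data[f] = String(v); },
  };
}

// Run a constructed batch of alerts through the mapping; each incident starts
// at the platform default, as the poster observes, and ends with the mapped value.
function demo() {
  const alerts = [
    { number: "Alert0000001", severity: ALERT_SEVERITY.CRITICAL },
    { number: "Alert0000002", severity: ALERT_SEVERITY.MAJOR },
    { number: "Alert0000003", severity: ALERT_SEVERITY.MINOR },
    { number: "Alert0000004", severity: ALERT_SEVERITY.WARNING }, // unmapped
  ];
  return alerts.map((a) => {
    const incident = fakeRecord({ severity: DEFAULT_SI_SEVERITY });
    syncSeverityFromAlert(incident, fakeRecord(a));
    return {
      alert: a.number,
      alertSeverity: a.severity,
      siSeverity: incident.getValue("severity"),
    };
  });
}

console.log(demo());
```

Inside the platform the wrapper would be called with `current` as the incident and with a GlideRecord you have queried on em_alert as the alert; the part that decides the value is the lookup table, so anyone adding a Warning or Info row only touches ALERT_TO_SI.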

Hi,

For SLA I can advise you one thing, i.e. create an SLA on Alerts.

We have SLA configuration on alerts. See this:

1) Only for Security Incident.


2) Then go and create an SLA definition with a start and stop condition.

Thanks,
Ashutosh