• Products
  • Use cases
  • Industries
  • Making it #EasyForEmployees
  • A guide with best practices for transforming the employee service experience.
  • Modernizing government via ITSM
  • A research doc about government agencies’ digital transformation challenges.


  • Gartner names ServiceNow a leader
  • 2018 Magic Quadrant for Enterprise High-Productivity Application PaaS.


  • General Mills transforms HR
  • Global employee service experience shows entire corporation how it’s done.


  • Do you need an AI council?
  • Formal collaboration helps implement new technology safely and effectively.

Proactively identify service issues


  • Effective automated incident management depends on the quality of monitoring and event data used to detect and respond to incidents.
  • Filter critical from noncritical information with automation so staff can focus on remediation.

Effective incident management automation begins with the ability to separate the “signal”—the monitoring and event data that points to potential disruptions in
your business services—from the “noise”—the alerts that reflect noncritical
information about the state of your services.

To separate the signal from noise, you should implement a filtering process using the ServiceNow Event Management tool. The steps for this process are
outlined below but you can also follow them using the guided setup within the tool.

  1. Configure a MID Server to receive and process events – The MID Server (for management, instrumentation, and discovery) is a Java application that runs as a Windows service or UNIX daemon on a server in your local network. It facilitates communication and moving data between your ServiceNow instance and external applications, data sources, and services, including your sources of alert data.
  2. Configure connector definitions and connector instances to receive external events – “Connector definitions” specify the MID Server script that pulls events from the external event source. 
  3. Configure event field mappings and alert binding to manage alert generation – Event field mappings are rules that are used to map values from specific fields to values in other fields. These rules apply after event rule processing and just prior to alert generation, for example, to map event severity fields from a monitoring tool into your ServiceNow severity values. Alert binding automatically binds alerts to CI information from the CMDB. When these two things occur together, they ensure that the alert data is both consistent and clearly maps to CIs.

For more information on these steps, see Event Management setup.

When you complete these steps together, there’s less event noise generated by third‑party monitoring tools, and you create actionable alerts to help your IT organization resolve service outages. 

Events are processed through filters (via the MID Server) that normalize and deduplicate incoming event streams that generate alerts, reducing noise by up to 99%. You can set this up for discovered business services, manually defined business services, technical services, and alert groups. 

When an event from an external source is identified, Event Management locates the CI information to generate an alert, per step 3 above. This CI information is stored in the CMDB through Service Mapping, Discovery, manual entry, and third‑party sources. 

Service Mapping provides the ability to correlate alerts to relative service impact—and if you have enabled Service Analytics, you’ll find additional correlated alert group and root‑cause analysis information to help you drive remediation and resolution. Figure 2 depicts the Event Management process flow.

Figure 2: Event Management process flow

Once configured, ServiceNow Event Management enables IT operations teams to view the impacted services and related alerts in a single console, like the one shown in Figure 3. You can select a service in the dashboard filters to show only relevant alerts, or you can select an alert to highlight the impacted services. 

You can also view services based on their business criticality, severity, and cost—this helps with prioritizing your remediation and resolution efforts. When you drill into a service, you can identify the probable cause of an impact simply by looking at it. 

Figure 3: ServiceNow Event Management console

Apply rules to alerts to trigger incident management workflows, including rules to:

  • Autogenerate and assign high‑priority incidents based on severity – This requires clear prioritization and escalation rules, as described in Stage 4.
  • Associate alerts with relevant knowledge base articles to support resolution – To do this, you need a process for effective knowledge base maintenance, as described in Stage 4.

You can also define alert rules to present automated remediation options through integration with ServiceNow Orchestration. 

In all cases, base your alert trigger automation on a clear understanding of how your incidents are prioritized across services, how incidents should be optimally assigned and escalated, and how incidents should be remediated ideally based on historical data.

Expert Tip


Use subject matter experts—typically technology asset owners—to define a set of remediation options you can present to service desk staff for the common incidents. This will reduce the time from alert notification to response and resolution.

Explore additional phases


You want to be sure everything is in place for a smooth, successful deployment.


You want to be sure you’re following best practices during implementation.


You’re up and running and want to get the most from your investment.


You’re ready to extend ServiceNow into other areas of your enterprise.

Thank You

Thank you for submitting your request. A ServiceNow representative will be in contact within 48 hours.

form close button

Contact Us

I would like to hear about upcoming events, products and services from ServiceNow. I understand I can unsubscribe any time.

  • By submitting this form, I confirm that I have read and agree to the Privacy Statement.