From bc65675eae5afb0e284a2bf7c5a05ba2adc59ffc Mon Sep 17 00:00:00 2001 From: Taylor Konigsmark Date: Mon, 12 Mar 2018 09:16:55 -0500 Subject: [PATCH 01/14] Adding new parameters to service now alert so user can control the incidents being made --- docs/source/ruletypes.rst | 2 ++ elastalert/alerts.py | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 064c449bd..0becf3cf3 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -1669,6 +1669,8 @@ Optional: ``servicenow_proxy``: By default ElastAlert will not use a network proxy to send notifications to ServiceNow. Set this option using ``hostname:port`` if you need to use a proxy. +.. TODO: LIST NEW PARAMS + Debug ~~~~~ diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 65adefe12..2983c097c 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1409,7 +1409,13 @@ def alert(self, matches): "category": self.rule['category'], "subcategory": self.rule['subcategory'], "cmdb_ci": self.rule['cmdb_ci'], - "caller_id": self.rule["caller_id"] + "caller_id": self.rule["caller_id"], + "priority": self.rule["priority"], + "impact": self.rule["impact"], + "urgency": self.rule["urgency"], + "u_division": self.rule["u_division"], + "u_originating_group": self.rule["u_originating_group"], + "contact_type": self.rule["contact_type"] } try: response = requests.post( From 23fac01552ec2deb44135ba26504215801f056d4 Mon Sep 17 00:00:00 2001 From: Taylor Konigsmark Date: Mon, 12 Mar 2018 09:39:28 -0500 Subject: [PATCH 02/14] Adding opened_by param to service now alert type --- elastalert/alerts.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 2983c097c..a7c767c3d 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py 
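Review bot: The six keys added to `payload` in `alert()` are read with `self.rule["priority"]`, `self.rule["impact"]` and so on, so a rule file that omits any one of them raises `KeyError` while an alert is being sent and the incident is never created. This patch changes only the payload literal, not `required_options`, and the docs hunk leaves the new options as a TODO, so nothing tells a rule author they are mandatory. If they are optional, read them with `self.rule.get("priority")` and leave unset keys out of the payload; if they are mandatory, add them to `required_options` so the rule is presumably rejected at load time instead of failing at alert time. The same pattern recurs in the payload hunks of PATCH 02, 05, 07 and 09, and the `required_options` set shown in PATCH 11 still lists none of `impact`, `urgency` or `u_division`. The body of `alert()` starts and ends outside the hunk.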
@@ -1410,12 +1410,11 @@ def alert(self, matches): "subcategory": self.rule['subcategory'], "cmdb_ci": self.rule['cmdb_ci'], "caller_id": self.rule["caller_id"], - "priority": self.rule["priority"], "impact": self.rule["impact"], "urgency": self.rule["urgency"], - "u_division": self.rule["u_division"], "u_originating_group": self.rule["u_originating_group"], - "contact_type": self.rule["contact_type"] + "contact_type": self.rule["contact_type"], + "opened_by": self.rule["opened_by"] } try: response = requests.post( From 77e560760960dca5c279b921ea9c8249d7933abc Mon Sep 17 00:00:00 2001 From: Taylor Konigsmark Date: Mon, 12 Mar 2018 09:51:44 -0500 Subject: [PATCH 03/14] adding new definitions to schema so they can be validated --- elastalert/schema.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index fe722b637..0ff570a9d 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -237,6 +237,13 @@ properties: slack_parse_override: {enum: [none, full]} slack_text_string: {type: string} + ### ServiceNow + impact: {type: string} + urgency: {type: string} + u_originating_group: {type: string} + contact_type: {type: string} + opened_by: {type: string} + ### PagerDuty pagerduty_service_key: {type: string} pagerduty_client_name: {type: string} From 564de357c1f73320334229f065e89d57ec423c03 Mon Sep 17 00:00:00 2001 From: Taylor Konigsmark Date: Mon, 12 Mar 2018 09:54:21 -0500 Subject: [PATCH 04/14] fixing urgency and impact types --- elastalert/schema.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index 0ff570a9d..dbda62333 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml 
@@ -238,8 +238,8 @@ properties: slack_text_string: {type: string} ### ServiceNow - impact: {type: string} - urgency: {type: string} + impact: {type: [string, integer]} + urgency: {type: [string, integer]} u_originating_group: {type: string} contact_type: {type: string} opened_by: {type: string} From 31ce9268c44247ec2b8c2665d8948929ac53cdb1 Mon Sep 17 00:00:00 2001 From: Taylor Konigsmark Date: Mon, 12 Mar 2018 11:36:48 -0500 Subject: [PATCH 05/14] sets u_division --- elastalert/alerts.py | 1 + elastalert/schema.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index a7c767c3d..8cf40d9bf 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1413,6 +1413,7 @@ def alert(self, matches): "impact": self.rule["impact"], "urgency": self.rule["urgency"], "u_originating_group": self.rule["u_originating_group"], + "u_division": self.rule["u_division"], "contact_type": self.rule["contact_type"], "opened_by": self.rule["opened_by"] } diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index dbda62333..dce3243ba 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -241,6 +241,7 @@ properties: impact: {type: [string, integer]} urgency: {type: [string, integer]} u_originating_group: {type: string} + u_division: {type: string} contact_type: {type: string} opened_by: {type: string} From c72b506b771f7d899b12a9265cd76c28ec8dd6c8 Mon Sep 17 00:00:00 2001 From: Taylor Konigsmark Date: Mon, 12 Mar 2018 15:47:48 -0500 Subject: [PATCH 06/14] documentation for the service now parameters --- docs/source/ruletypes.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 0becf3cf3..7c4f38cab 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst 
@@ -1669,7 +1669,19 @@ Optional: ``servicenow_proxy``: By default ElastAlert will not use a network proxy to send notifications to ServiceNow. Set this option using ``hostname:port`` if you need to use a proxy. -.. TODO: LIST NEW PARAMS +``caller_id``: Used to log the ticket under another name than user making request. + +``impact``: Used to specify the impact of the incident created. + +``urgency``: Used to specify the urgency of the incident created. + +``u_originating_group``: The originating group the incident is for. + +``u_division``: The Division the incident is specified for. + +``contact_type``: The preferred contact method. + +``opened_by``: Specifies the user that opened it. Debug From b9853585c5d5a2eadace2c27682ccc981c4ebbf3 Mon Sep 17 00:00:00 2001 From: Eduardo Maldonado Fonseca Silva Date: Mon, 15 Jun 2020 19:50:14 -0300 Subject: [PATCH 07/14] Add service_offering and u_second_class SNOW fields to Elastalert payload --- elastalert/alerts.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 8cf40d9bf..22c76e156 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1389,6 +1389,8 @@ def __init__(self, rule): super(ServiceNowAlerter, self).__init__(rule) self.servicenow_rest_url = self.rule['servicenow_rest_url'] self.servicenow_proxy = self.rule.get('servicenow_proxy', None) + self.service_offering = self.rule.get('service_offering', None) + self.u_second_class = self.rule.get('u_second_class', None) def alert(self, matches): for match in matches: @@ -1415,7 +1417,9 @@ def alert(self, matches): "u_originating_group": self.rule["u_originating_group"], "u_division": self.rule["u_division"], "contact_type": self.rule["contact_type"], - "opened_by": self.rule["opened_by"] + "opened_by": self.rule["opened_by"], + "service_offering": self.rule["service_offering"], + "u_second_class": self.rule["u_second_class"] } try: response = requests.post( 
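Review bot: `__init__` stores `service_offering` and `u_second_class` with `self.rule.get(..., None)`, but the payload hunk reads them back as `self.rule["service_offering"]` and `self.rule["u_second_class"]`, so the defaults are never used and a rule without either option still fails with `KeyError` inside `alert()`. Use the attributes in the payload, `"service_offering": self.service_offering` and `"u_second_class": self.u_second_class`, or drop the two assignments. The diffstat shows only `elastalert/alerts.py` changed, so neither name reaches the schema or the docs in this patch. The body of `alert()` continues outside the hunk.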
From 2a206529bd02d1e34d0308fc279e10e4b0d9bc6e Mon Sep 17 00:00:00 2001 From: Eduardo Maldonado Fonseca Silva Date: Thu, 18 Jun 2020 08:20:31 -0300 Subject: [PATCH 08/14] Removing the init of service offering and second class --- elastalert/alerts.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 22c76e156..63fc80b7f 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1389,8 +1389,6 @@ def __init__(self, rule): super(ServiceNowAlerter, self).__init__(rule) self.servicenow_rest_url = self.rule['servicenow_rest_url'] self.servicenow_proxy = self.rule.get('servicenow_proxy', None) - self.service_offering = self.rule.get('service_offering', None) - self.u_second_class = self.rule.get('u_second_class', None) def alert(self, matches): for match in matches: From cc9cdd97c6b0e179ff0a27f876853060dac30be1 Mon Sep 17 00:00:00 2001 From: whuangIHM Date: Fri, 14 Mar 2025 15:49:11 -0500 Subject: [PATCH 09/14] [KZ-258] update payload --- elastalert/alerts.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 9de4b16d4..ba76b9adb 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py 
@@ -1813,21 +1813,15 @@ def alert(self, matches): "assignment_group": self.rule['assignment_group'], "category": self.rule['category'], "subcategory": self.rule['subcategory'], - "cmdb_ci": self.rule['cmdb_ci'], - "caller_id": self.rule["caller_id"], "impact": self.rule["impact"], "urgency": self.rule["urgency"], + "priority": self.rule["impact"], "u_originating_group": self.rule["u_originating_group"], - "u_division": self.rule["u_division"], - "contact_type": self.rule["contact_type"], - "opened_by": self.rule["opened_by"], - "service_offering": self.rule["service_offering"], - "u_second_class": self.rule["u_second_class"] + "contact_type": self.rule["contact_type"] } try: response = requests.post( self.servicenow_rest_url, - auth=(self.rule['username'], self.rule['password']), headers=headers, data=json.dumps(payload, cls=DateTimeEncoder), proxies=proxies From ccfa989a30b946c88238154ea1cc3445c63e4804 Mon Sep 17 00:00:00 2001 From: whuangIHM Date: Fri, 14 Mar 2025 15:59:31 -0500 Subject: [PATCH 10/14] [KZ-258] update url --- elastalert/alerts.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index ba76b9adb..795888ac2 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1792,7 +1792,7 @@ class ServiceNowAlerter(Alerter): def __init__(self, rule): super(ServiceNowAlerter, self).__init__(rule) - self.servicenow_rest_url = self.rule['servicenow_rest_url'] + self.servicenow_rest_url = self.rule['servicenow_rest_url'] +"?zapikey="+ self.rule['apikey'] self.servicenow_proxy = self.rule.get('servicenow_proxy', None) def alert(self, matches): @@ -1833,7 +1833,7 @@ def alert(self, matches): def get_info(self): return {'type': 'ServiceNow', - 'self.servicenow_rest_url': self.servicenow_rest_url} + 'self.servicenow_rest_url': self.rule['servicenow_rest_url']} class AlertaAlerter(Alerter): From f3d8d9ab20939c242809257bfa40f014dbc9078f Mon Sep 17 00:00:00 2001 
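Review bot: The new `"priority": self.rule["impact"]` line fills the ticket priority from the `impact` option, which looks like a copy-paste slip. If priority is meant to mirror impact, say so in a comment such as `# priority intentionally follows impact`; otherwise read a dedicated option with `self.rule.get("priority")`. The same hunk removes `auth=(self.rule['username'], self.rule['password'])` without adding another credential, so at this commit the POST carries no authentication while `username` and `password` are still required from the rule (they leave `required_options` only in PATCH 11). Squashing this with PATCH 10 would avoid an intermediate state that cannot authenticate. `alert()` starts and ends outside the hunk.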
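Review bot: In `__init__`, `self.rule['servicenow_rest_url'] +"?zapikey="+ self.rule['apikey']` puts the API key into the request URL by plain string concatenation. The key is not URL-encoded, a base URL that already has a query string ends up with a second `?`, and `apikey` is not in `required_options` until PATCH 11, so a missing key surfaces as `KeyError` in the constructor. A secret in the query string is also recorded wherever URLs are logged, such as proxies and access logs. Keep the two apart with `self.apikey = self.rule['apikey']` and pass `params={'zapikey': self.apikey}` to `requests.post` so encoding is handled, or send the key in a header if the endpoint accepts one. The `get_info` hunk already returns the bare `servicenow_rest_url`, which keeps the key out of that output.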
From: whuangIHM Date: Fri, 14 Mar 2025 21:29:06 -0500 Subject: [PATCH 11/14] [KZ-258] remove unused in required option --- elastalert/alerts.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 795888ac2..05ebcd7a0 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1778,16 +1778,13 @@ def get_info(self): class ServiceNowAlerter(Alerter): """ Creates a ServiceNow alert """ required_options = set([ - 'username', - 'password', + 'apikey', 'servicenow_rest_url', 'short_description', 'comments', 'assignment_group', 'category', - 'subcategory', - 'cmdb_ci', - 'caller_id' + 'subcategory' ]) def __init__(self, rule): @@ -1816,7 +1813,7 @@ def alert(self, matches): "impact": self.rule["impact"], "urgency": self.rule["urgency"], "priority": self.rule["impact"], - "u_originating_group": self.rule["u_originating_group"], + "u_division": self.rule["u_division"], "contact_type": self.rule["contact_type"] } try: From 0745cea3f2aec18f3f0a2a7a59c7b58f289fb447 Mon Sep 17 00:00:00 2001 From: whuangIHM Date: Fri, 14 Mar 2025 21:33:11 -0500 Subject: [PATCH 12/14] [KZ-258] remove contact_type in payload --- elastalert/alerts.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 05ebcd7a0..4d01c5c32 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1813,8 +1813,7 @@ def alert(self, matches): "impact": self.rule["impact"], "urgency": self.rule["urgency"], "priority": self.rule["impact"], - "u_division": self.rule["u_division"], - "contact_type": self.rule["contact_type"] + "u_division": self.rule["u_division"] } try: response = requests.post( From b5da06d810f63019fef66f6953212128892f10cc Mon Sep 17 00:00:00 2001 
From: whuangIHM Date: Mon, 17 Mar 2025 13:42:26 -0500 Subject: [PATCH 13/14] [KZ-258] update flag servicedesk --- elastalert/alerts.py | 17 +++++++---------- elastalert/loaders.py | 2 +- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index 4d01c5c32..da0b04c04 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1779,7 +1779,7 @@ class ServiceNowAlerter(Alerter): """ Creates a ServiceNow alert """ required_options = set([ 'apikey', - 'servicenow_rest_url', + 'servicedesk_rest_url', 'short_description', 'comments', 'assignment_group', @@ -1789,8 +1789,7 @@ class ServiceNowAlerter(Alerter): def __init__(self, rule): super(ServiceNowAlerter, self).__init__(rule) - self.servicenow_rest_url = self.rule['servicenow_rest_url'] +"?zapikey="+ self.rule['apikey'] - self.servicenow_proxy = self.rule.get('servicenow_proxy', None) + self.servicedesk_rest_url = self.rule['servicedesk_rest_url'] +"?zapikey="+ self.rule['apikey'] def alert(self, matches): for match in matches: @@ -1802,7 +1801,6 @@ def alert(self, matches): "Content-Type": "application/json", "Accept": "application/json;charset=utf-8" } - proxies = {'https': self.servicenow_proxy} if self.servicenow_proxy else None payload = { "description": description, "short_description": self.rule['short_description'], 
@@ -1817,19 +1815,18 @@ def alert(self, matches): } try: response = requests.post( - self.servicenow_rest_url, + self.servicedesk_rest_url, headers=headers, data=json.dumps(payload, cls=DateTimeEncoder), - proxies=proxies ) response.raise_for_status() except RequestException as e: - raise EAException("Error posting to ServiceNow: %s" % e) - elastalert_logger.info("Alert sent to ServiceNow") + raise EAException("Error posting to ServiceDeskPlus: %s" % e) + elastalert_logger.info("Alert sent to ServiceDeskPlus") def get_info(self): - return {'type': 'ServiceNow', - 'self.servicenow_rest_url': self.rule['servicenow_rest_url']} + return {'type': 'ServiceDeskPlus', + 'self.servicedesk_rest_url': self.rule['servicedesk_rest_url']} class AlertaAlerter(Alerter): diff --git a/elastalert/loaders.py b/elastalert/loaders.py index 771194768..866f308cf 100644 --- a/elastalert/loaders.py +++ b/elastalert/loaders.py @@ -74,7 +74,7 @@ class RulesLoader(object): 'telegram': alerts.TelegramAlerter, 'googlechat': alerts.GoogleChatAlerter, 'gitter': alerts.GitterAlerter, - 'servicenow': alerts.ServiceNowAlerter, + 'servicedesk': alerts.ServiceNowAlerter, 'alerta': alerts.AlertaAlerter, 'post': alerts.HTTPPostAlerter, 'hivealerter': alerts.HiveAlerter From cce874bb7e1e77308f7ed8d1b2d4f539440dc246 Mon Sep 17 00:00:00 2001 From: whuangIHM Date: Tue, 18 Mar 2025 13:30:55 -0500 Subject: [PATCH 14/14] [KZ-258] update flag servicedeskplus --- elastalert/alerts.py | 8 ++++---- elastalert/loaders.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index da0b04c04..2b014ec45 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -1779,7 +1779,7 @@ class ServiceNowAlerter(Alerter): """ Creates a ServiceNow alert """ required_options = set([ 'apikey', - 'servicedesk_rest_url', + 'servicedeskplus_rest_url', 'short_description', 'comments', 'assignment_group', 
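Review bot: `raise EAException("Error posting to ServiceDeskPlus: %s" % e)` formats the `requests` exception into the message, and for HTTP and connection errors that text normally includes the request URL, which here is `self.servicedesk_rest_url` with `?zapikey=` and the key appended in `__init__`. A failed POST would therefore write the API key into ElastAlert's logs and error output. Report only what is needed, for example `"Error posting to ServiceDeskPlus: HTTP %s" % getattr(e.response, 'status_code', 'n/a')`, or build the message from the bare `self.rule['servicedesk_rest_url']` as `get_info` does. The `requests.post` call also has no `timeout=`, so a stalled endpoint can block alert delivery. The body of `alert()` starts outside the hunk.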
@@ -1789,7 +1789,7 @@ class ServiceNowAlerter(Alerter): def __init__(self, rule): super(ServiceNowAlerter, self).__init__(rule) - self.servicedesk_rest_url = self.rule['servicedesk_rest_url'] +"?zapikey="+ self.rule['apikey'] + self.servicedeskplus_rest_url = self.rule['servicedeskplus_rest_url'] +"?zapikey="+ self.rule['apikey'] def alert(self, matches): for match in matches: @@ -1815,7 +1815,7 @@ def alert(self, matches): } try: response = requests.post( - self.servicedesk_rest_url, + self.servicedeskplus_rest_url, headers=headers, data=json.dumps(payload, cls=DateTimeEncoder), ) @@ -1826,7 +1826,7 @@ def alert(self, matches): def get_info(self): return {'type': 'ServiceDeskPlus', - 'self.servicedesk_rest_url': self.rule['servicedesk_rest_url']} + 'self.servicedeskplus_rest_url': self.rule['servicedeskplus_rest_url']} class AlertaAlerter(Alerter): diff --git a/elastalert/loaders.py b/elastalert/loaders.py index 866f308cf..8e2298a6d 100644 --- a/elastalert/loaders.py +++ b/elastalert/loaders.py @@ -74,7 +74,7 @@ class RulesLoader(object): 'telegram': alerts.TelegramAlerter, 'googlechat': alerts.GoogleChatAlerter, 'gitter': alerts.GitterAlerter, - 'servicedesk': alerts.ServiceNowAlerter, + 'servicedeskplus': alerts.ServiceNowAlerter, 'alerta': alerts.AlertaAlerter, 'post': alerts.HTTPPostAlerter, 'hivealerter': alerts.HiveAlerter