Ability to have Threat Prevention policies link to ServiceNow for automatic ticket creation

What is a one sentence summary of your feature request?

I would like a feature added that allows the creation of a ticket when a monitor is alerted.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Currently, I run both 7.5 and 8.0’s latest versions and would like to have the ability to incorporate having ServiceNow tickets or other ticketing systems open an Incident ticket when a specific monitor is tripped. Like if someone tries to add to a HP group, they get blocked and a ticket is created along with the monitoring email that is sent.

How do you currently solve the challenges you have by not having this feature?

I currently solve this by creating PowerShell scripts that are added to the Actions Tab. I’d like to have this built in, rather than having to script it out.

Hi Jay,

Thanks for the submission. This is a great idea, and I’m glad you’re able to tackle it with the custom PowerShell today. I’ll review this with the team and see what they think of this as a roadmap item. Longer-term, I would expect to see functionality like this existing in the platform we’re developing.

If possible, sanitizing and sharing the PowerShell you use today could assist in expediting any development efforts here.

OK, I’ll get that script sanitized and see about adding it here, or send it over to the team.