Skip to content
English
More support Customer portal Sign in
Contact us
  • There are no suggestions because the search field is empty.

Configuring ServiceNow to create Cydarm cases from incidents

This article explains how to automatically create Cydarm cases from ServiceNow incidents.

Overview

This guide walks you through configuring ServiceNow to automatically send a webhook to Cydarm whenever a new incident is created, resulting in a corresponding Cydarm case.

Prerequisites

  • Access to a Cydarm instance with “integration manager” attribute

  • Access to a ServiceNow instance with admin permissions

How the ServiceNow integration works

The integration works as follows:

  1. A new incident is created in ServiceNow.

  2. A business rule fires after the incident is inserted.

  3. The business rule executes a script that converts the incident into a JSON payload and sends it to Cydarm via an outbound REST webhook.

  4. Cydarm receives the webhook and creates a new case.

Part 1: Configure the webhook endpoint in Cydarm

  1. In Cydarm, navigate to Settings → Advanced Connectors.

  2. Create a new connector of type Webhook Endpoint.

  3. Give it a name, e.g. "ServiceNow” with description “Receives New Incidents from ServiceNow".

  4. In the case description field, enter a default description such as "This is a ServiceNow incident."

  5. Copy the webhook URL — you will need this in the next section.

  6. Click Submit.

Part 2: Create the outbound REST message in ServiceNow

  1. In ServiceNow, navigate to System Web Services → Outbound - REST Message.

    Tip: This can be hard to find under "All". Use the navigator filter or save it to your Favorites for quick access.

  2. Click New to create a new REST message.

  3. Configure the following:

    • Name: Cydarm Webhook

    • Endpoint: Paste the webhook URL you copied from Cydarm.

    • Authentication: No authentication is required - the secret is contained in the webhook URL.

  4. Click Submit.

  5. Reopen the newly created REST message. You will see a Default GET method listed.

  6. Click on the default method to edit it:

    • Name: Change to POST

    • HTTP Method: Change from GET to POST

    • Endpoint: Confirm the Cydarm webhook URL is present.

  7. Click Update to save.

You now have an outbound REST message configured and ready to use.

Part 3: Create the business rule

  1. Navigate to System Definition → Business Rules.

  2. Click New to create a new business rule.

  3. Configure the following fields:

    • Name: Cydarm Incident Send

    • Table: Incident [incident] (use the filter to find it — it will appear as "Incident [incident]")

    • Advanced: Check this box ✅ - this reveals the additional configuration tabs.

  4. Under the main settings:

    • When: after

    • Insert: Check this box ✅

    • Leave Update, Delete, and Query unchecked.

  5. Skip the Actions tab - it is not needed for this integration.

  6. Go to the Advanced tab and paste the following script into the Script field:

 (function executeRule(current, previous /*null when async*/) {
    try {
        var r = new sn_ws.RESTMessageV2('Cydarm Webhook', 'POST');

        // Build the payload with all relevant incident fields
        var payload = {
            sys_id: current.sys_id.toString(),
            number: current.number.toString(),
            short_description: current.short_description.toString(),
            description: current.description.toString(),
            priority: current.priority.toString(),
            state: current.state.toString(),
            impact: current.impact.toString(),
            urgency: current.urgency.toString(),
            category: current.category.toString(),
            subcategory: current.subcategory.toString(),
            sys_created_on: current.sys_created_on.toString(),
            caller_id: {
                value: current.caller_id.toString(),
                display_value: current.caller_id.getDisplayValue()
            },
            assigned_to: {
                value: current.assigned_to.toString(),
                display_value: current.assigned_to.getDisplayValue()
            },
            assignment_group: {
                value: current.assignment_group.toString(),
                display_value: current.assignment_group.getDisplayValue()
            },
            instance_name: gs.getProperty('instance_name')
        };

        r.setRequestBody(JSON.stringify(payload));

        var response = r.execute();
        var responseBody = response.getBody();
        var statusCode = response.getStatusCode();

        if (statusCode != 200 && statusCode != 201) {
            gs.error('Cydarm webhook failed: ' + statusCode + ' - ' + responseBody);
        } else {
            gs.info('Cydarm webhook sent successfully for incident: ' + current.number);
        }

    } catch(ex) {
        gs.error('Cydarm webhook exception: ' + ex.getMessage());
    }
})(current, previous);

7. Click Submit to save the business rule.

About the script

The incoming incident is a ServiceNow GlideRecord object, which cannot be directly serialised to JSON. The script manually extracts each field and converts it to a string. For reference fields such as caller_id, assigned_to, and assignment_group, both the raw sys_id value and the human-readable display value are included.

The script also includes error handling and logging. You can check the results in System Logs → System Log → All by searching for "Cydarm webhook".

Part 4: Test the integration

  1. In ServiceNow, navigate to Service Desk → Incidents.

  2. Click New to create a test incident.

  3. Fill in the required fields (e.g. set the Caller to a test user and enter a short description such as "Cybersecurity incident occurred").

  4. Click Submit.

  5. Switch to Cydarm and check the Case List. A new case should appear within a few seconds.

  6. Open the case to verify the incident fields have been populated correctly.

Part 5: Configure Cydarm case metadata (optional)

Once the basic integration is working, you can improve how cases appear in Cydarm by mapping incoming webhook data to case fields.

  1. In Cydarm, go to Settings → Advanced Connectors and edit your webhook connector.

  2. Update the Description to use incoming data fields, e.g.:

    • {{data.number}} — the ServiceNow incident number

    • {{data.short_description}} — the incident summary

  3. Under Metadata, add a field to store the incident number:

    • Key: ServiceNow Incident Number

    • Value: {{data.number}}

  4. Click Submit.

  5. Create another test incident in ServiceNow and verify that the new Cydarm case has the incident number in its title and metadata.

Troubleshooting

The webhook doesn't fire:

  • Confirm the business rule is Active and set to run after insert on the incident table.

  • Check that the Advanced checkbox is ticked and the script is in the Advanced tab, not the Actions tab.

The webhook fires but Cydarm doesn't receive it:

  • Check System Logs → Outbound HTTP Requests in ServiceNow to confirm the request was sent and inspect the response code.

  • Verify the endpoint URL in the REST message matches the webhook URL from Cydarm.

Fields are empty in the Cydarm case:

  • The test incident may not have had values in those fields. Try creating an incident with more fields populated.

  • Check the script for typos in field names.

Debugging business rule execution:

  • Enable System Diagnostics → Session Debug → Debug Business Rule, then trigger an incident and check the system logs.

  • Add gs.info() statements to the script to trace execution.