Sending GCP Alerts to ServiceNow
This blog outlines the process of integrating Google Cloud Monitoring (GCM) alerts with ServiceNow, enabling automatic incident creation in ServiceNow when GCM alerts are triggered. This integration enhances incident response efficiency and streamlines event management processes.
1. Low-Level Architecture
2. Components and Interactions:
Google Cloud Monitoring:
a. Alert Triggered: When a monitored resource in Google Cloud (e.g., VM instance, Cloud SQL database) violates a predefined condition, an alert is triggered.
b. Webhook Event: Google Cloud Monitoring sends an HTTP POST request (webhook event) to a specified webhook URL. This event contains structured data about the alert (severity, resource details, etc.).
ServiceNow:
a. Webhook URL: A unique endpoint within your ServiceNow instance is configured to receive webhook events.
b. Event Received: ServiceNow receives the webhook event and parses the incident data.
c. Incident Created: Based on the received data, ServiceNow automatically creates an incident record. This incident can include relevant details like the affected resource, alert type, severity, and timestamps.
3. Prerequisite
ServiceNow:
- A ServiceNow instance with the Event Management Connectors (sn_em_connector) plugin installed.
- A ServiceNow user account with the evt_mgmt_integration role assigned.
- evt_mgmt_integration role — Can create raw events and register nodes. This should be used to send events or register nodes via REST Web Services.
Google Cloud Platform (GCP):
- A GCP project with Cloud Monitoring enabled.
- Permissions to create alerting policies and notification channels (webhooks) in GCP.
4. Procedure
Now that all the prerequisites are completed follow below steps to integrate GCP Monitoring alerts with ServiceNow to send GCP alerts to ServiceNow.
ServiceNow:
- Verify the Event Management Connectors plugin is installed and active.
- Ensure your designated ServiceNow user has the evt_mgmt_integration role.
GCP Console:
- Navigate to Monitoring > Alerting > Edit Notification Channels.
- Click Add New under Webhooks.
- Enter the ServiceNow webhook endpoint URL:
https://<instance-name>.service-now.com/api/sn_em_connector/em/inbound_event?source=googlemonitor (replace <instance-name> with your actual instance).
- Select Use HTTP Basic Auth and enter the ServiceNow user’s credentials.
- Test Connection to verify successful communication.
ServiceNow (Verification):
- In ServiceNow, go to Event Management > All Events.
- Confirm that a “Test Event” has been generated, indicating the webhook is working.
GCP Console (Alerting Policy):
- Go to Monitoring > Alerting.
- Click Create Policy.
- Define the conditions that will trigger alerts.
- Select the newly created webhook as the notification channel.
Verification and Ongoing Monitoring:
- Trigger an alert in GCP to test the full integration.
- In ServiceNow, monitor Event Management > All Events to see the corresponding incident created.
Note:
GCP does not include certain details like severity in the alert payload. Default severity in ServiceNow is “Minor” but can be adjusted in Push Connectors > Google Monitor Push Connector.
Hope you found this article helpful. You can reach out to me on LinkedIn.