Sending GCP Alerts to ServiceNow

This blog outlines the process of integrating Google Cloud Monitoring (GCM) alerts with ServiceNow, enabling automatic incident creation in ServiceNow when GCM alerts are triggered. This integration enhances incident response efficiency and streamlines event management processes.

1. Low-Level Architecture

Fig. GCP monitoring and ServiceNow integration

2. Components and Interactions:

Google Cloud Monitoring:

a. Alert Triggered: When a monitored resource in Google Cloud (e.g., VM instance, Cloud SQL database) violates a predefined condition, an alert is triggered.

b. Webhook Event: Google Cloud Monitoring sends an HTTP POST request (webhook event) to a specified webhook URL. This event contains structured data about the alert (severity, resource details, etc.).

ServiceNow:

a. Webhook URL: A unique endpoint within your ServiceNow instance is configured to receive webhook events.

b. Event Received: ServiceNow receives the webhook event and parses the incident data.

c. Incident Created: Based on the received data, ServiceNow automatically creates an incident record. This incident can include relevant details like the affected resource, alert type, severity, and timestamps.

3. Prerequisite

ServiceNow:

• A ServiceNow instance with the Event Management Connectors (sn_em_connector) plugin installed.
• A ServiceNow user account with the evt_mgmt_integration role assigned.
• evt_mgmt_integration role — Can create raw events and register nodes. This should be used to send events or register nodes via REST Web Services.

Google Cloud Platform (GCP):

• A GCP project with Cloud Monitoring enabled.
• Permissions to create alerting policies and notification channels (webhooks) in GCP.

4. Procedure

Now that all the prerequisites are completed follow below steps to integrate GCP Monitoring alerts with ServiceNow to send GCP alerts to ServiceNow.

ServiceNow:

• Verify the Event Management Connectors plugin is installed and active.

Fig. Event Management Connector

• Ensure your designated ServiceNow user has the evt_mgmt_integration role.

Fig. evt_mgmt_integration role

GCP Console:

• Navigate to Monitoring > Alerting > Edit Notification Channels.
• Click Add New under Webhooks.
• Enter the ServiceNow webhook endpoint URL:
  https://<instance-name>.service-now.com/api/sn_em_connector/em/inbound_event?source=googlemonitor (replace <instance-name> with your actual instance).

Fig. Get URL from the REST API server in ServiceNow

• Select Use HTTP Basic Auth and enter the ServiceNow user’s credentials.
• Test Connection to verify successful communication.

Fig. Set-up Webhook in Notification Channel

ServiceNow (Verification):

• In ServiceNow, go to Event Management > All Events.
• Confirm that a “Test Event” has been generated, indicating the webhook is working.

GCP Console (Alerting Policy):

• Go to Monitoring > Alerting.
• Click Create Policy.
• Define the conditions that will trigger alerts.
• Select the newly created webhook as the notification channel.

Verification and Ongoing Monitoring:

• Trigger an alert in GCP to test the full integration.
• In ServiceNow, monitor Event Management > All Events to see the corresponding incident created.

Fig. Test trigger reflected in ServiceNow AllEvents

Note:

GCP does not include certain details like severity in the alert payload. Default severity in ServiceNow is “Minor” but can be adjusted in Push Connectors > Google Monitor Push Connector.

Hope you found this article helpful. You can reach out to me on LinkedIn.