Automatically raise incidents in ServiceNow from SCOM alerts - Alert Sync 1.0 is now live!
Good news! Cookdown Alert Sync 1.0 is now avaliable, allowing ServiceNow incidents to be automatically raised for SCOM alerts
That’s great… now who is Cookdown? and how does Alert Sync work?
Squared Up's little brother: Cookdown
Cookdown was born earlier this year and is a spin out fromSquared Up, born to champion Microsoft System Center Operations Manager (SCOM)and allow it to continue to be the best of breed monitoring tool for your ITinfrastructure. If you missed our announcement blog from back in March go checkit out here.
Alert Sync?!
Alert Sync is super simple – it integrates SCOM alerts into ServiceNow, allowing ServiceNow to automatically raise incidents for received alerts based on rules you define. What is ServiceNow? a Gartner Magic Quadrant leader for IT Service Management tool and Software Asset Management among other things (if these things mean nothing to you, think IT ticketing + Configuration Management system and you will be along the right lines).
Why does anyone want to do this?
The reasons for this can be wide and varied. Fromenlightened SCOM Admins wanting to show more value to their managers thoughintegrations to the classic "my CIO is mandating we use ServiceNow foreverything", resulting in every system that has a stake in IT funnellingdata into ServiceNow.
CIO visions aside, the ITIL definition of an Incident looks very similar to the reality of most SCOM alerts "an unplanned interruption to an IT service or reduction in the quality of an IT service or a failure of a Configuration Item that has not yet impacted an IT service (for example failure of one disk from a mirror set)". You will want your SCOM alerts in whatever system you manage incidents in if you even vaguely follow ITIL (which it turns out most organisations do).
Alert Sync gives you the power
Alert sync gives power to the SCOM Administrator – you can choose which SCOM alerts get pushed to ServiceNow based on SCOM group, alert target and alert criteria. This is also helpful where your SCOM environment is poorly tuned so you may not want to expose ServiceNow to every alert (though we would suggest you tune SCOM using Easy Tune – our free alert override tuning solution instead).
Equally if your concern is ServiceNow, you can choose which received alerts are turned into incidents and how they are routed with "Incident Creation Rules" in ServiceNow (using our ServiceNow Connector app in ServiceNow).
Incident Creation Rules contain criteria as simple or as complex as you want them to be – have a look at this simple example for raising incidents received that where raised by SQL for a feel of how this works:
Incident data in SCOM
While shovelling SCOM Alerts into ServiceNow and managing them there though incidents sounds great, who is going to handle the SCOM Alerts themselves?
We hear you! With the Bi-directional functionality in Alert Sync, the humble SCOM Alert is updated with the incident ID, assignee, assignment group, business service and incident state so it is always clear what is happening with incidents raised, and to top it off, when the Incident is resolved we close the SCOM alert for you.
As we are SCOM experts we understand that you cant simply close all SCOM alerts – we reset dependency monitors when closing alerts generated from them (if you don’t do this dependency monitors dont throw alerts again – more on how we do this on our blog here)
Go check out Alert Sync to hear more about what it is andhow it works here: https://cookdown.com/alert-sync