{ "name":"ServiceNow_Discovery", "version":"4.0", "type":"REST_EVENT", "event_type":[ "HOST_ADDRESS_IPV4", "HOST_ADDRESS_IPV6", "FIXED_ADDRESS_IPV4", "FIXED_ADDRESS_IPV6", "NETWORK_IPV4", "NETWORK_IPV6", "DISCOVERY_DATA" ], "vendor_identifier":"ServiceNow", "quoting":"XMLA", "instance_variables": [ { "name": "Severity", "type": "INT", "value": "3" } ], "steps":[ { "name":"assignTimeValue", "operation":"NOP", "body_list":[ "${XC:COPY:{L:ServiceNowAddDate}:{UT:TIME}}${XC:FORMAT:TRUNCATE:{L:ServiceNowAddDate}:{10t}}" ] }, { "name":"Debug#0", "operation":"NOP", "body":"${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name":"Skip_ObjectDeletion", "operation":"CONDITION", "condition":{ "statements":[ { "left":"${E:A:operation_type}", "op":"==", "right":"DELETE" } ], "condition_type":"OR", "stop":true } }, { "name":"Check_for_ipv4_ipv6", "operation":"CONDITION", "condition":{ "statements":[ { "left":"${E:A:values{is_ipv4}}", "op":"==", "right":"true" } ], "condition_type":"OR", "eval" : "${XC:ASSIGN:{L:IPReq}:{S:ipv4address}}${XC:COPY:{L:address}:{E:values{ip_address}}}", "else_eval" : "${XC:ASSIGN:{L:IPReq}:{S:ipv6address}}${XC:COPY:{L:address}:{E:values{ip_address}}}", "else_next" : "Start_To_Get_Ref_For_Discovery_ipv6" } }, { "name": "Start_To_Get_Ref_For_Discovery", "operation": "GET", "transport": { "path": "${L:U:IPReq}?ip_address=${L:U:address}&_return_fields=discovered_data,status,network,types,ip_address,mac_address,lease_state,usage,objects" }, "wapi": "v2.7" }, { "name":"Jump_to_Debugref", "operation":"CONDITION", "condition":{ "statements":[ { "left":"1", "op":"==", "right":"1" } ], "condition_type":"OR", "next":"Debug#GetRef" } }, { "name": "Start_To_Get_Ref_For_Discovery_ipv6", "operation": "GET", "transport": { "path": "${L:U:IPReq}?ip_address=${L:U:address}&_return_fields=discovered_data,status,network,types,ip_address,lease_state,usage,objects" }, "wapi": "v2.7" }, { "name":"Debug#GetRef", "operation":"NOP", "body":"${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "check_if_we_have_an_object_for_Discovery", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{types}[0]}", "op": "!=", "right": "UNMANAGED" } ], "eval": "${XC:COPY:{L:Obj_refs}:{P:PARSE[0]{objects}}}", "else_next": "Assign_Network" } }, { "name": "Check_if_an_object_list_is_empty_for_Discovery", "operation": "CONDITION", "condition": { "statements": [ { "left": "${L:L:Obj_refs}", "op": "==", "right": "0" } ], "condition_type": "AND", "stop": true } }, { "name": "Pop_object_from_the_list_for_Discovery", "operation": "VARIABLEOP", "variable_ops": [ { "operation": "POP", "type": "SINGLE", "destination": "L:Ref", "source": "L:Obj_refs" } ] }, { "name": "DebugL_For_Loop_2", "operation": "NOP", "body": "${XC:DEBUG:{L:}}" }, { "name": "check_an_obj_type_for_Discovery", "operation": "CONDITION", "condition": { "statements": [ { "left": "${L:A:Ref}", "op": "=~", "right": "record:host.*" }, { "left": "${L:A:Ref}", "op": "=~", "right": "fixedaddress.*" }, { "left": "${L:A:Ref}", "op": "=~", "right": "ipv6fixedaddress.*" } ], "condition_type": "OR", "eval": "${XC:COPY:{L:Obj_ref}:{L:Ref}}", "else_next": "Create an incident" } }, { "name": "Check_If_DISCOVERY_DATA", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{discovered_data}{os}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:os}:{P:PARSE[0]{discovered_data}{os}}}", "else_eval": "${XC:ASSIGN:{L:os}:{S:Null}}" } }, { "name": "Check_For_Ref", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${L:A:Obj_ref}", "op": "==", "right": "" } ], "next": "Create an incident" } }, { "name": "Get_Extensible_attributes", "operation": "GET", "transport": { "path": "${L:A:Obj_ref}?_return_fields=extattrs" }, "wapi": "v2.7" }, { "name": "Check_For_Location", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:extattrs{ServiceNow_Location}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Location}:{P:extattrs{ServiceNow_Location}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Location}:{S:Null}}" } }, { "name": "Check_For_Sync", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:extattrs{ServiceNow_Sync}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Sync}:{P:extattrs{ServiceNow_Sync}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Sync}:{S:Null}}" } }, { "name": "Check_For_AddIncident", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:extattrs{ServiceNow_Add_Incident}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Add_Incident}:{P:extattrs{ServiceNow_Add_Incident}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Add_Incident}:{S:Null}}" } }, { "name": "Check_For_Add_SecurityIncident", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:extattrs{ServiceNow_Discov_AddSecurInc}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Discov_AddSecurInc}:{P:extattrs{ServiceNow_Discov_AddSecurInc}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Discov_AddSecurInc}:{S:Null}}" } }, { "name": "Check_For_Discover_AllDevices", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:extattrs{ServiceNow_Discov_AllNew}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Discov_AllNew}:{P:extattrs{ServiceNow_Discov_AllNew}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Discov_AllNew}:{S:Null}}" } }, { "name": "Check_For_Synced_Time", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:extattrs{ServiceNow_SyncedAt}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_SyncedAt}:{P:extattrs{ServiceNow_SyncedAt}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_SyncedAt}:{S:Null}}" } }, { "name":"Debug#GetManagedLocal", "operation":"NOP", "body":"${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name":"Check_if_SyncAllDevices", "operation":"CONDITION", "condition":{ "condition_type":"OR", "statements":[ { "left":"${L:A:ServiceNow_Discov_AllNew}", "op":"==", "right":"false" } ], "stop":true } }, { "name":"SetoldTime", "operation":"CONDITION", "condition":{ "condition_type":"OR", "statements":[ { "left":"${L:A:ServiceNow_SyncedAt}", "op":"!=", "right":"" } ], "eval":"${XC:ASSIGN:{L:oldTime}:{S:}}", "else_eval":"${XC:COPY:{L:oldTime}:{L:A:ServiceNow_SyncedAt}}${XC:FORMAT:TRUNCATE:{L:oldTime}:{10t}}" } }, { "name": "Jump to ExtAttr Checks", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Debug#GetEA" } }, { "name": "Assign_Network", "operation": "NOP", "body_list": [ "${XC:COPY:{L:network_view}:{P:PARSE[0]{network}}${XC:COPY:{L:Obj_ref}:{P:PARSE[0]{_ref}[0]}" ] }, { "name":"Skip_Unmanaged_Modify", "operation":"CONDITION", "condition":{ "statements":[ { "left":"${E:A:operation_type}", "op":"==", "right":"MODIFY" } ], "condition_type":"OR", "stop":true } }, { "name": "Get_Extensible_attributes Unmanaged", "operation": "GET", "transport": { "path": "network?network=${L:U:network_view}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "name": "Check_For_Location1", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{extattrs}{ServiceNow_Location}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Location}:{P:PARSE[0]{extattrs}{ServiceNow_Location}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Location}:{S:Null}}" } }, { "name": "Check_For_Sync1", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{extattrs}{ServiceNow_Sync}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Sync}:{P:PARSE[0]{extattrs}{ServiceNow_Sync}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Sync}:{S:Null}}" } }, { "name": "Check_For_AddIncident1", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{extattrs}{ServiceNow_Add_Incident}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Add_Incident}:{P:PARSE[0]{extattrs}{ServiceNow_Add_Incident}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Add_Incident}:{S:Null}}" } }, { "name": "Check_For_Add_SecurityIncident1", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{extattrs}{ServiceNow_Discov_AddSecurInc}{value}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ServiceNow_Discov_AddSecurInc}:{P:PARSE[0]{extattrs}{ServiceNow_Discov_AddSecurInc}{value}}", "else_eval": "${XC:ASSIGN:{L:ServiceNow_Discov_AddSecurInc}:{S:Null}}" } }, { "name":"Debug#GetUnManagedLocal", "operation":"NOP", "body":"${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name":"Debug#GetEA", "operation":"NOP", "body":"${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name":"stopaddifnotwanted", "operation":"CONDITION", "condition":{ "condition_type":"OR", "statements":[ { "left":"${L:A:ServiceNow_Sync}", "op":"==", "right":"false" } ], "stop":true } }, { "name":"stopaddifnotneeded", "operation":"CONDITION", "condition":{ "condition_type":"OR", "statements":[ { "left":"${L:A:oldTime}", "op":"==", "right":"${L:A:ServiceNowAddDate}" } ], "stop":true } }, { "name":"checkifhosttoaddhostname", "operation":"CONDITION", "condition":{ "statements":[ { "left":"${E:A:event_type}", "op":"=~", "right":"DISCOVERY_DATA" } ], "condition_type":"AND", "eval":"${XC:COPY:{L:Host_Name}:{E:values{ip_address}}}" } }, { "name": "assignDeviceVariables from E:", "operation": "NOP", "body_list": [ "${XC:COPY:{L:address}:{E:values{ip_address}}}${XC:COPY:{L:name}:{E:values{discovered_name}}}${XC:COPY:{L:type}:{E:values{device_type}}}${XC:COPY:{L:Location}:{E:values{device_location}}${XC:COPY:{L:description}:{E:values{network_component_description}}${XC:COPY:{L:os_version}:{E:values{os}}${XC:COPY:{L:model}:{E:values{device_model}}${XC:COPY:{L:vendor}:{E:values{device_vendor}}", "${XC:COPY:{L:timestamp}:{E:timestamp}}" ] }, { "name": "assignDeviceVariables from E: model", "operation": "NOP", "body_list": [ "${XC:COPY:{L:model}:{E:values{device_model}}" ] }, { "name": "check if unmanaged", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E:A:values{unmanaged}}", "op": "==", "right": "true" } ], "condition_type": "AND", "eval": "${XC:ASSIGN:{L:managed}:{S:False}}", "else_eval": "${XC:ASSIGN:{L:managed}:{S:True}}" } }, { "name": "check if discovered mac_address is present", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E:A:values{mac_address}}", "op": "!=", "right": "None" }, { "left": "${E:A:values{mac_address}}", "op": "!=", "right": "" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:mac}:{E:values{mac_address}}}", "next": "assignMac from L: for fixed" } }, { "name": "check if discovered vmhost_mac_address is present", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E:A:values{vmhost_mac_address}}", "op": "!=", "right": "None" }, { "left": "${E:A:values{vmhost_mac_address}}", "op": "!=", "right": "" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:mac}:{E:values{vmhost_mac_address}}}", "next": "assignMac from L: for fixed" } }, { "name": "check if discovered vport_mac_address is present", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E:A:values{vport_mac_address}}", "op": "!=", "right": "None" }, { "left": "${E:A:values{vport_mac_address}}", "op": "!=", "right": "" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:mac}:{E:values{vport_mac_address}}}", "next": "assignMac from L: for fixed" } }, { "name": "Skip to create incident if no mac", "operation": "CONDITION", "condition": { "statements": [ { "left": "1", "op": "==", "right": "1" } ], "condition_type": "AND", "next": "Debug#Incident" } }, { "name": "assignMac from L: for fixed", "operation": "NOP", "body_list": [ "${XC:COPY:{L:Mac1}:{L:mac}}${XC:FORMAT:TRUNCATE:{L:Mac1}:{2t}}", "${XC:COPY:{L:Mac2}:{L:mac}}${XC:FORMAT:TRUNCATE:{L:Mac2}:{5t}}${XC:FORMAT:TRUNCATE:{L:Mac2}:{-2f}}", "${XC:COPY:{L:Mac3}:{L:mac}}${XC:FORMAT:TRUNCATE:{L:Mac3}:{8t}}${XC:FORMAT:TRUNCATE:{L:Mac3}:{-2f}}", "${XC:COPY:{L:Mac4}:{L:mac}}${XC:FORMAT:TRUNCATE:{L:Mac4}:{11t}}${XC:FORMAT:TRUNCATE:{L:Mac4}:{-2f}}", "${XC:COPY:{L:Mac5}:{L:mac}}${XC:FORMAT:TRUNCATE:{L:Mac5}:{14t}}${XC:FORMAT:TRUNCATE:{L:Mac5}:{-2f}}", "${XC:COPY:{L:Mac6}:{L:mac}}${XC:FORMAT:TRUNCATE:{L:Mac6}:{-2f}}", "${XC:COPY:{L:MacFull}:{L:mac}}" ] }, { "name": "Get Check if duplicate endpoint with Fixed", "operation": "GET", "parse": "JSON", "headers": { "Authorization": "Bearer ${S:A:SESSID}" }, "transport": { "path": "/api/endpoint/mac-address/${L:A:Mac1}${L:A:Mac2}${L:A:Mac3}${L:A:Mac4}${L:A:Mac5}${L:A:Mac6}" }, "result": [{ "codes": "200,201,202,203,204,404,405", "next": "Debug#Incident" }] }, { "name": "Stop everthing if duplicate is found", "operation": "CONDITION", "condition": { "statements": [ { "left": "${P:A:mac_address}", "op": "!=", "right": "" } ], "condition_type": "OR", "stop": true } }, { "name":"Debug#Incident", "operation":"NOP", "body":"${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "check_vnode_oid ", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:vnode_oid}", "op": "!=", "right": "" }, { "left": "${E:A:vnode_oid}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vnode_oid}:{S:vnode_oid:}}${XC:COPY:{L:vnode_oid}:{E:vnode_oid}}${XC:ASSIGN:{L:nl1}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vnode_oid}:{S:}}${XC:ASSIGN:{L:vnode_oid}:{S:}}${XC:ASSIGN:{L:nl1}:{S:}}" } }, { "name": "check_vswitch_segment_port_group", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:vswitch_segment_port_group}", "op": "!=", "right": "" }, { "left": "${E:A:vswitch_segment_port_group}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_segment_port_group}:{S:vswitch_segment_port_group:}}${XC:COPY:{L:vswitch_segment_port_group}:{E:vswitch_segment_port_group}}${XC:ASSIGN:{L:nl2}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_segment_port_group}:{S:}}${XC:ASSIGN:{L:vswitch_segment_port_group}:{S:}}${XC:ASSIGN:{L:nl2}:{S:}}" } }, { "name": "check_discoverer", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{discoverer}}", "op": "!=", "right": "" }, { "left": "${E:A:values{discoverer}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_discoverer}:{S:discoverer:}}${XC:COPY:{L:discoverer}:{E:values{discoverer}}}${XC:ASSIGN:{L:nl3}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_discoverer}:{S:}}${XC:ASSIGN:{L:discoverer}:{S:}}${XC:ASSIGN:{L:nl3}:{S:}}" } }, { "name": "check_vswitch_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_name}:{S:vswitch_name:}}${XC:COPY:{L:vswitch_name}:{E:values{vswitch_name}}}${XC:ASSIGN:{L:nl4}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_name}:{S:}}${XC:ASSIGN:{L:vswitch_name}:{S:}}${XC:ASSIGN:{L:nl4}:{S:}}" } }, { "name": "check_netbios_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{netbios_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{netbios_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_netbios_name}:{S:netbios_name:}}${XC:COPY:{L:netbios_name}:{E:values{netbios_name}}}${XC:ASSIGN:{L:nl5}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_netbios_name}:{S:}}${XC:ASSIGN:{L:netbios_name}:{S:}}${XC:ASSIGN:{L:nl5}:{S:}}" } }, { "name": "check_vmi_id", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vmi_id}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vmi_id}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vmi_id}:{S:vmi_id }}${XC:COPY:{L:vmi_id}:{E:values{vmi_id}}}${XC:ASSIGN:{L:nl6}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vmi_id}:{S:}}${XC:ASSIGN:{L:vmi_id}:{S:}}${XC:ASSIGN:{L:nl6}:{S:}}" } }, { "name": "check_port_type", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{port_type}}", "op": "!=", "right": "" }, { "left": "${E:A:values{port_type}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_port_type}:{S:port_type:}}${XC:COPY:{L:port_type}:{E:values{port_type}}}${XC:ASSIGN:{L:nl7}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_port_type}:{S:}}${XC:ASSIGN:{L:port_type}:{S:}}${XC:ASSIGN:{L:nl7}:{S:}}" } }, { "name": "check_unmanaged ", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{unmanaged}}", "op": "!=", "right": "" }, { "left": "${E:A:values{unmanaged}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_unmanaged}:{S:unmanaged:}}${XC:COPY:{L:unmanaged}:{E:values{unmanaged}}}${XC:ASSIGN:{L:nl8}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_unmanaged}:{S:}}${XC:ASSIGN:{L:unmanaged}:{S:}}${XC:ASSIGN:{L:nl8}:{S:}}" } }, { "name": "check_vswitch_available_ports_count", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_available_ports_count}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_available_ports_count}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_available_ports_count}:{S:vswitch_available_ports_count:}}${XC:COPY:{L:vswitch_available_ports_count}:{E:values{vswitch_available_ports_count}}}${XC:ASSIGN:{L:nl9}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_available_ports_count}:{S:}}${XC:ASSIGN:{L:vswitch_available_ports_count}:{S:}}${XC:ASSIGN:{L:nl9}:{S:}}" } }, { "name": "check_vport_mode", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vport_mode}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vport_mode}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vport_mode}:{S:vport_mode:}}${XC:COPY:{L:vport_mode}:{E:values{vport_mode}}}${XC:ASSIGN:{L:nl10}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vport_mode}:{S:}}${XC:ASSIGN:{L:vport_mode}:{S:}}${XC:ASSIGN:{L:nl10}:{S:}}" } }, { "name": "check_iprg_state", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{iprg_state}}", "op": "!=", "right": "" }, { "left": "${E:A:values{iprg_state}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_iprg_state}:{S:iprg_state:}}${XC:COPY:{L:iprg_state}:{E:values{iprg_state}}}${XC:ASSIGN:{L:nl11}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_iprg_state}:{S:}}${XC:ASSIGN:{L:iprg_state}:{S:}}${XC:ASSIGN:{L:nl11}:{S:}}" } }, { "name": "check_v_os", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{v_os}}", "op": "!=", "right": "" }, { "left": "${E:A:values{v_os}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_v_os}:{S:v_os:}}${XC:COPY:{L:v_os}:{E:values{v_os}}}${XC:ASSIGN:{L:nl12}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_v_os}:{S:}}${XC:ASSIGN:{L:v_os}:{S:}}${XC:ASSIGN:{L:nl12}:{S:}}" } }, { "name": "check_cisco_ise_endpoint_profile", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{cisco_ise_endpoint_profile}}", "op": "!=", "right": "" }, { "left": "${E:A:values{cisco_ise_endpoint_profile}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_cisco_ise_endpoint_profile}:{S:cisco_ise_endpoint_profile:}}${XC:COPY:{L:cisco_ise_endpoint_profile}:{E:values{cisco_ise_endpoint_profile}}}${XC:ASSIGN:{L:nl13}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_cisco_ise_endpoint_profile}:{S:}}${XC:ASSIGN:{L:cisco_ise_endpoint_profile}:{S:}}${XC:ASSIGN:{L:nl13}:{S:}}" } }, { "name": "check_bridge_domain", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{bridge_domain}}", "op": "!=", "right": "" }, { "left": "${E:A:values{bridge_domain}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_bridge_domain}:{S:bridge_domain:}}${XC:COPY:{L:bridge_domain}:{E:values{bridge_domain}}}${XC:ASSIGN:{L:nl14}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_bridge_domain}:{S:}}${XC:ASSIGN:{L:bridge_domain}:{S:}}${XC:ASSIGN:{L:nl14}:{S:}}" } }, { "name": "check_v_host", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{v_host}}", "op": "!=", "right": "" }, { "left": "${E:A:values{v_host}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_v_host}:{S:v_host:}}${XC:COPY:{L:v_host}:{E:values{v_host}}}${XC:ASSIGN:{L:nl15}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_v_host}:{S:}}${XC:ASSIGN:{L:v_host}:{S:}}${XC:ASSIGN:{L:nl15}:{S:}}" } }, { "name": "check_v_switch", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{v_switch}}", "op": "!=", "right": "" }, { "left": "${E:A:values{v_switch}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_v_switch}:{S:v_switch:}}${XC:COPY:{L:v_switch}:{E:values{v_switch}}}${XC:ASSIGN:{L:nl16}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_v_switch}:{S:}}${XC:ASSIGN:{L:v_switch}:{S:}}${XC:ASSIGN:{L:nl16}:{S:}}" } }, { "name": "check_vport_link_status", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vport_link_status}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vport_link_status}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vport_link_status}:{S:vport_link_status }}${XC:COPY:{L:vport_link_status}:{E:values{vport_link_status}}}${XC:ASSIGN:{L:nl17}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vport_link_status}:{S:}}${XC:ASSIGN:{L:vport_link_status}:{S:}}${XC:ASSIGN:{L:nl17}:{S:}}" } }, { "name": "check_vswitch_tep_multicast", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_tep_multicast}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_tep_multicast}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_tep_multicast}:{S:vswitch_tep_multicast }}${XC:COPY:{L:v_os}:{E:values{vswitch_tep_multicast}}}${XC:ASSIGN:{L:nl18}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_tep_multicast}:{S:}}${XC:ASSIGN:{L:vswitch_tep_multicast}:{S:}}${XC:ASSIGN:{L:nl18}:{S:}}" } }, { "name": "check_device_port_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{device_port_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{device_port_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:device_port_name}:{S:device_port_name }}${XC:COPY:{L:device_port_name}:{E:values{device_port_name}}}${XC:ASSIGN:{L:nl19}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_device_port_name}:{S:}}${XC:ASSIGN:{L:device_port_name}:{S:}}${XC:ASSIGN:{L:nl19}:{S:}}" } }, { "name": "check_ap_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{ap_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{ap_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_ap_name}:{S:ap_name:}}${XC:COPY:{L:ap_name}:{E: values{ap_name}}}${XC:ASSIGN:{L:nl20}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_ap_name}:{S:}}${XC:ASSIGN:{L:ap_name}:{S:}}${XC:ASSIGN:{L:nl20}:{S:}}" } }, { "name": "check_task_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{task_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{task_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_task_name}:{S:task_name:}}${XC:COPY:{L:task_name}:{E: values{task_name}}}${XC:ASSIGN:{L:nl22}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_task_name}:{S:}}${XC:ASSIGN:{L:task_name}:{S:}}${XC:ASSIGN:{L:nl22}:{S:}}" } }, { "name": "check_vswitch_tep_vlan", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_tep_vlan}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_tep_vlan}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_tep_vlan}:{S:vswitch_tep_vlan:}}${XC:COPY:{L:vswitch_tep_vlan}:{E:values{vswitch_tep_vlan}}}${XC:ASSIGN:{L:nl23}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_tep_vlan}:{S:}}${XC:ASSIGN:{L:vswitch_tep_vlan}:{S:}}${XC:ASSIGN:{L:nl23}:{S:}}" } }, { "name": "check_port_vlan_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{port_vlan_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{port_vlan_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_port_vlan_name}:{S:port_vlan_name:}}${XC:COPY:{L:port_vlan_name}:{E:values{port_vlan_name}}}${XC:ASSIGN:{L:nl24}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_port_vlan_name}:{S:}}${XC:ASSIGN:{L:port_vlan_name}:{S:}}${XC:ASSIGN:{L:nl24}:{S:}}" } }, { "name": "check_iprg_id", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{iprg_id}}", "op": "!=", "right": "" }, { "left": "${E:A:values{iprg_id}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_iprg_id}:{S:iprg_id:}}${XC:COPY:{L:iprg_id}:{E:values{iprg_id}}}${XC:ASSIGN:{L:nl25}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_iprg_id}:{S:}}${XC:ASSIGN:{L:iprg_id}:{S:}}${XC:ASSIGN:{L:nl25}:{S:}}" } }, { "name": "check_device_type", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{device_type}}", "op": "!=", "right": "" }, { "left": "${E:A:values{device_type}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_device_type}:{S:device_type:}}${XC:COPY:{L:device_type}:{E:values{device_type}}}${XC:ASSIGN:{L:nl26}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_device_type}:{S:}}${XC:ASSIGN:{L:device_type}:{S:}}${XC:ASSIGN:{L:nl26}:{S:}}" } }, { "name": "check_network_component_location", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{network_component_location}}", "op": "!=", "right": "" }, { "left": "${E:A:values{network_component_location}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_network_component_location}:{S:network_component_location:}}${XC:COPY:{L:network_component_location}:{E:values{network_component_location}}}${XC:ASSIGN:{L:nl27}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_network_component_location}:{S:}}${XC:ASSIGN:{L:network_component_location}:{S:}}${XC:ASSIGN:{L:nl27}:{S:}}" } }, { "name": "check_vswitch_segment_type", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_segment_type}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_segment_type}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_segment_type}:{S:vswitch_segment_type:}}${XC:COPY:{L:vswitch_segment_type}:{E:values{vswitch_segment_type}}}${XC:ASSIGN:{L:nl28}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_segment_type}:{S:}}${XC:ASSIGN:{L:vswitch_segment_type}:{S:}}${XC:ASSIGN:{L:nl28}:{S:}}" } }, { "name": "check_vswitch_segment_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_segment_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_segment_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_segment_name}:{S:vswitch_segment_name:}}${XC:COPY:{L:vswitch_segment_name}:{E:values{vswitch_segment_name}}}${XC:ASSIGN:{L:nl29}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_segment_name}:{S:}}${XC:ASSIGN:{L:vswitch_segment_name}:{S:}}${XC:ASSIGN:{L:nl29}:{S:}}" } }, { "name": "check_vswitch_type", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_type}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_type}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_type}:{S:vswitch_type:}}${XC:COPY:{L:vswitch_type}:{E:values{vswitch_type}}}${XC:ASSIGN:{L:nl30}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_type}:{S:}}${XC:ASSIGN:{L:vswitch_type}:{S:}}${XC:ASSIGN:{L:nl30}:{S:}}" } }, { "name": "check_vmhost_subnet_cidr", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vmhost_subnet_cidr}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vmhost_subnet_cidr}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vmhost_subnet_cidr}:{S:vmhost_subnet_cidr:}}${XC:COPY:{L:vmhost_subnet_cidr}:{E:values{vmhost_subnet_cidr}}}${XC:ASSIGN:{L:nl31}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vmhost_subnet_cidr}:{S:}}${XC:ASSIGN:{L:vmhost_subnet_cidr}:{S:}}${XC:ASSIGN:{L:nl31}:{S:}}" } }, { "name": "check_method", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{method}}", "op": "!=", "right": "" }, { "left": "${E:A:values{method}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_method}:{S:method:}}${XC:COPY:{L:method}:{E:values{method}}}${XC:ASSIGN:{L:nl32}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_method}:{S:}}${XC:ASSIGN:{L:method}:{S:}}${XC:ASSIGN:{L:nl32}:{S:}}" } }, { "name": "check_mgmt_ip_address", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{mgmt_ip_address}}", "op": "!=", "right": "" }, { "left": "${E:A:values{mgmt_ip_address}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_mgmt_ip_address}:{S:mgmt_ip_address:}}${XC:COPY:{L:mgmt_ip_address}:{E:values{mgmt_ip_address}}}${XC:ASSIGN:{L:nl33}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_mgmt_ip_address}:{S:}}${XC:ASSIGN:{L:mgmt_ip_address}:{S:}}${XC:ASSIGN:{L:nl33}:{S:}}" } }, { "name": "check_network_component_name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{network_component_name}}", "op": "!=", "right": "" }, { "left": "${E:A:values{network_component_name}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_network_component_name}:{S:network_component_name:}}${XC:COPY:{L:network_component_name}:{E:values{network_component_name}}}${XC:ASSIGN:{L:nl34}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_network_component_name}:{S:}}${XC:ASSIGN:{L:network_component_name}:{S:}}${XC:ASSIGN:{L:nl34}:{S:}}" } }, { "name": "check_ap_ssid", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{ap_ssid}}", "op": "!=", "right": "" }, { "left": "${E:A:values{ap_ssid}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_ap_ssid}:{S:ap_ssid:}}${XC:COPY:{L:ap_ssid}:{E:values{ip_address}}}${XC:ASSIGN:{L:nl35}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_ap_ssid}:{S:}}${XC:ASSIGN:{L:ap_ssid}:{S:}}${XC:ASSIGN:{L:nl35}:{S:}}" } }, { "name": "check_vswitch_tep_port_group", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{vswitch_tep_port_group}}", "op": "!=", "right": "" }, { "left": "${E:A:values{vswitch_tep_port_group}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_vswitch_tep_port_group}:{S:vswitch_tep_port_group:}}${XC:COPY:{L:vswitch_tep_port_group}:{E:values{vswitch_tep_port_group}}}${XC:ASSIGN:{L:nl36}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_vswitch_tep_port_group}:{S:}}${XC:ASSIGN:{L:vswitch_tep_port_group}:{S:}}${XC:ASSIGN:{L:nl36}:{S:}}" } }, { "name": "check_device_contact", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{device_contact}}", "op": "!=", "right": "" }, { "left": "${E:A:values{device_contact}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_device_contact}:{S:device_contact:}}${XC:COPY:{L:device_contact}:{E:values{device_contact}}}${XC:ASSIGN:{L:nl37}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_device_contact}:{S:}}${XC:ASSIGN:{L:device_contact}:{S:}}${XC:ASSIGN:{L:nl37}:{S:}}" } }, { "name": "check_endpoint_groups", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{endpoint_groups}}", "op": "!=", "right": "" }, { "left": "${E:A:values{endpoint_groups}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_endpoint_groups}:{S:endpoint_groups: }}${XC:COPY:{L:endpoint_groups}:{E:values{endpoint_groups}}}${XC:ASSIGN:{L:nl38}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_endpoint_groups}:{S:}}${XC:ASSIGN:{L:endpoint_groups}:{S:}}${XC:ASSIGN:{L:nl38}:{S:}}" } }, { "name": "check_tenant", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [{ "left": "${E:A:values{tenant}}", "op": "!=", "right": "" }, { "left": "${E:A:values{tenant}}", "op": "!=", "right": "None" }], "eval": "${XC:ASSIGN:{L:n_tenant}:{S:tenant:}}${XC:COPY:{L:tenant}:{E:values{tenant}}}${XC:ASSIGN:{L:nl39}:{S:,}}", "else_eval": "${XC:ASSIGN:{L:n_tenant}:{S:}}${XC:ASSIGN:{L:tenant}:{S:}}${XC:ASSIGN:{L:nl39}:{S:}}" } }, { "name":"Check add Incident or Security Incident", "operation":"CONDITION", "condition":{ "condition_type":"OR", "statements":[ { "left":"${L:A:ServiceNow_Discov_AddSecurInc}", "op":"==", "right":"true" } ], "next":"Create a Security incident" } }, { "name": "Create an incident", "operation": "POST", "parse": "JSON", "transport": { "path": "/api/now/v2/table/incident" }, "body_list": [ "{", "\"category\":\"Network Security\",", "\"subcategory\":\"DNS ${E:A:event_type}\",", "\"description\":\"Event Information:\\nMember IP: ${E:A:member_ip}\\n Timestamp:${E:A:timestamp}\\n\\n${L:A:n_vnode_oid}${L:A:vnode_oid}${L:A:nl2}${L:A:n_vswitch_segment_port_group}${L:A:vswitch_segment_port_group}${L:A:nl4}${L:A:n_vswitch_name}${L:A:vswitch_name}${L:A:nl6}${L:A:n_vmi_id}${L:A:vmi_id}${L:A:nl9}${L:A:n_vswitch_available_ports_count}${L:A:vswitch_available_ports_count}${L:A:nl10}${L:A:n_vport_mode}${L:A:vport_mode}${L:A:nl11}${L:A:n_iprg_state}${L:A:iprg_state}${L:A:nl12}${L:A:n_v_os}${L:A:v_os}${L:A:nl7}${L:A:n_port_type}${L:A:port_type}${L:A:nl3}${L:A:n_discoverer}${L:A:discoverer}${L:A:nl5}${L:A:n_netbios_name}${L:A:netbios_name}${L:A:nl8}${L:A:n_unmanaged}${L:A:unmanaged}${L:A:nl13}${L:A:n_cisco_ise_endpoint_profile}${L:A:cisco_ise_endpoint_profile}${L:A:nl14}${L:A:n_bridge_domain}${L:A:bridge_domain}${L:A:nl15}${L:A:n_v_host}${L:A:v_host}${L:A:nl16}${L:A:n_v_switch}${L:A:n_v_switch}${L:A:nl17}${L:A:n_vport_link_status}${L:A:vport_link_status}${L:A:nl18}${L:A:n_vswitch_tep_multicast}${L:A:vswitch_tep_multicast}${L:A:nl19}${L:A:n_device_port_name}${L:A:device_port_name}${L:A:nl20}${L:A:n_ap_name}${L:A:ap_name}${L:A:nl22}${L:A:n_task_name}${L:A:task_name}${L:A:nl23}${L:A:n_vswitch_tep_vlan}${L:A:vswitch_tep_vlan}${L:A:nl24}${L:A:n_port_vlan_name}${L:A:port_vlan_name}${L:A:nl25}${L:A:n_iprg_id}${L:A:iprg_id}${L:A:nl26}${L:A:n_device_type}${L:A:device_type}${L:A:nl27}${L:A:n_network_component_location}${L:A:network_component_location}${L:A:nl28}${L:A:n_vswitch_segment_type}${L:A:vswitch_segment_type}${L:A:nl29}${L:A:n_vswitch_segment_name}${L:A:vswitch_segment_name}${L:A:nl30}${L:A:n_vswitch_type}${L:A:vswitch_type}${L:A:nl31}${L:A:n_vmhost_subnet_cidr}${L:A:vmhost_subnet_cidr}${L:A:nl32}${L:A:n_method}${L:A:method}${L:A:nl33}${L:A:n_mgmt_ip_address}${L:A:mgmt_ip_address}${L:A:nl34}${L:A:n_network_component_name}${L:A:network_component_name}${L:A:nl35}${L:A:n_ap_ssid}${L:A:ap_ssid}${L:A:nl36}${L:A:n_vswitch_tep_port_group}${L:A:vswitch_tep_port_group}${L:A:nl37}${L:A:n_device_contact}${L:A:device_contact}${L:A:nl38}${L:A:n_endpoint_groups}${L:A:endpoint_groups}${L:A:nl39}${L:A:n_tenant}${L:A:tenant}\",", "\"short_description\":\"Client ${L:A:address} was discovered by Infoblox appliance ${E:A:member_ip}\",", "\"severity\":\"${I:A:Severity}\",", "\"location\":\"${L:A:ServiceNow_Location}\",", "\"contact_type\":\"Network Monitoring\",", "\"sys_created_by\":\"NIOS Outbound API\"", "}" ] }, { "name": "End of adding Incident", "operation": "CONDITION", "condition": { "statements": [ { "left": "1", "op": "==", "right": "1" } ], "condition_type": "AND", "stop": true } }, { "name": "Create a Security incident", "operation": "POST", "parse": "JSON", "transport": { "path": "/api/now/v2/table/sn_si_incident" }, "body_list": [ "{", "\"category\":\"Shared Intelligence\",", "\"subcategory\":\"DNS ${E:A:event_type}\",", "\"description\":\"Event Information:\\nMember IP: ${E:A:member_ip}\\n Timestamp:${E:A:timestamp}\\n\\n${L:A:n_vnode_oid}${L:A:vnode_oid}${L:A:nl2}${L:A:n_vswitch_segment_port_group}${L:A:vswitch_segment_port_group}${L:A:nl4}${L:A:n_vswitch_name}${L:A:vswitch_name}${L:A:nl6}${L:A:n_vmi_id}${L:A:vmi_id}${L:A:nl9}${L:A:n_vswitch_available_ports_count}${L:A:vswitch_available_ports_count}${L:A:nl10}${L:A:n_vport_mode}${L:A:vport_mode}${L:A:nl11}${L:A:n_iprg_state}${L:A:iprg_state}${L:A:nl12}${L:A:n_v_os}${L:A:v_os}${L:A:nl7}${L:A:n_port_type}${L:A:port_type}${L:A:nl3}${L:A:n_discoverer}${L:A:discoverer}${L:A:nl5}${L:A:n_netbios_name}${L:A:netbios_name}${L:A:nl8}${L:A:n_unmanaged}${L:A:unmanaged}${L:A:nl13}${L:A:n_cisco_ise_endpoint_profile}${L:A:cisco_ise_endpoint_profile}${L:A:nl14}${L:A:n_bridge_domain}${L:A:bridge_domain}${L:A:nl15}${L:A:n_v_host}${L:A:v_host}${L:A:nl16}${L:A:n_v_switch}${L:A:n_v_switch}${L:A:nl17}${L:A:n_vport_link_status}${L:A:vport_link_status}${L:A:nl18}${L:A:n_vswitch_tep_multicast}${L:A:vswitch_tep_multicast}${L:A:nl19}${L:A:n_device_port_name}${L:A:device_port_name}${L:A:nl20}${L:A:n_ap_name}${L:A:ap_name}${L:A:nl22}${L:A:n_task_name}${L:A:task_name}${L:A:nl23}${L:A:n_vswitch_tep_vlan}${L:A:vswitch_tep_vlan}${L:A:nl24}${L:A:n_port_vlan_name}${L:A:port_vlan_name}${L:A:nl25}${L:A:n_iprg_id}${L:A:iprg_id}${L:A:nl26}${L:A:n_device_type}${L:A:device_type}${L:A:nl27}${L:A:n_network_component_location}${L:A:network_component_location}${L:A:nl28}${L:A:n_vswitch_segment_type}${L:A:vswitch_segment_type}${L:A:nl29}${L:A:n_vswitch_segment_name}${L:A:vswitch_segment_name}${L:A:nl30}${L:A:n_vswitch_type}${L:A:vswitch_type}${L:A:nl31}${L:A:n_vmhost_subnet_cidr}${L:A:vmhost_subnet_cidr}${L:A:nl32}${L:A:n_method}${L:A:method}${L:A:nl33}${L:A:n_mgmt_ip_address}${L:A:mgmt_ip_address}${L:A:nl34}${L:A:n_network_component_name}${L:A:network_component_name}${L:A:nl35}${L:A:n_ap_ssid}${L:A:ap_ssid}${L:A:nl36}${L:A:n_vswitch_tep_port_group}${L:A:vswitch_tep_port_group}${L:A:nl37}${L:A:n_device_contact}${L:A:device_contact}${L:A:nl38}${L:A:n_endpoint_groups}${L:A:endpoint_groups}${L:A:nl39}${L:A:n_tenant}${L:A:tenant}\",", "\"short_description\":\"Client ${L:A:address} was discovered by Infoblox appliance ${E:A:member_ip}\",", "\"severity\":\"${I:A:Severity}\",", "\"location\":\"${L:A:ServiceNow_Location}\",", "\"contact_type\":\"Network Monitoring\",", "\"sys_created_by\":\"NIOS Outbound API\"", "}" ] }, { "name": "Security Incident creation error check", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${R:A:RC}", "op": "!=", "right": "201" } ], "error": true } }, { "name": "Get the security incident", "operation": "GET", "parse": "JSON", "transport": { "path": "/api/now/v2/table/sn_si_incident?number=${P:U:result{number}}" } }, { "name": "set security incident time in a variable", "operation": "NOP", "body_list": [ "${XC:COPY:{L:TimeIncidentCreated}:{P:result[0]{sys_created_on}}}", "${XC:COPY:{L:IncidentSysID}:{P:result[0]{sys_id}}}", "${XC:COPY:{L:number}:{P:result[0]{number}}" ] } ] }