Incidents with SLA Breach Report

This task generates a report detailing ServiceNow incidents with an SLA breach.

You can run this task interactively, from a schedule, or via an API call to PPA.

It requires an OAuth application for PPA registered in the ServiceNow instance.

Playbook Files

plugins:
  ppa: ~5
  hashicorp_vault: ~5
  service_now: ~4
  ppa_tools: ~5


steps:


  - name: Check if Interactive/Scheduled/API Triggered
    actions:

      - ppa.task.started_by_user:
        save: interactive


  - name: Introduction if Headless
    when: not interactive
    actions:
      # If the task was started by a schedule or API call, look for the email recipient in the task payload.

      - ppa.task.get_payload_values:
          keys:
            - name: email_address
        save: payload

      - ppa.ui.output_markdown:
          doc: >
            {{ globals.icons.service_now.full }}


            ### Incidents with SLA Breach Report


            This task finds untagged Service Now incidents with an SLA breach & displays them in a table.


            This task was started by {{ "a __schedule__" if globals.task.trigger == "job" else "an __API__ call" }}.


  - name: Introduction
    when: interactive
    actions:

      - ppa.ui.output_markdown:
          doc: >
            {{ globals.icons.service_now.full }}


            ### Incidents with SLA Breach Report


            This task finds untagged Service Now incidents with an SLA breach & displays them in a table.


            You will need to:


            - Provide Service Now access credentials

            - Choose whether to send an email with the report details

            - Supply an email address (if applicable)

      - ppa.ui.input_accept:
          text: Start


  - name: Get ServiceNow Secrets
    actions:
      - hashicorp_vault.key_value.read_secret_keys:
          secret: service_now
          keys:
            - name: address
            - name: client_id
            - name: client_secret
              sensitive: true
            - name: refresh_token
              sensitive: true
          reason: Getting ServiceNow Details
          create_missing: true
        save: service_now_secrets

      - ppa.ui.output_progress:
          text: Generating ServiceNow access token...
          percent: null
          element_id: generating_access_token

      # Generate an access token to use during this task.
      - service_now.access_tokens.from_refresh_token:
        load:
          address: service_now_secrets.address
          client_id: service_now_secrets.client_id
          client_secret: service_now_secrets.client_secret
          refresh_token: service_now_secrets.refresh_token
        save: service_now_secrets

      - ppa.ui.output_progress:
          text: ServiceNow access token generated
          percent: 100
          element_id: generating_access_token


  - name: Get Incidents with an SLA Breach
    actions:

      - ppa.ui.output_progress:
          text: Finding incidents with an SLA breach...
          percent: null
          element_id: find_incidents

      - service_now.incidents.search:
          active: true
          made_sla: false
        load:
          access_details: service_now_secrets
        save: all_incidents

      - ppa.ui.output_progress:
          text: Found {{ all_incidents | length }} with SLA breach
          percent: 100
          element_id: find_incidents

      - eval:
          expression: >
            [
                [
                    incident["number"],
                    incident["short_description"],
                    incident["state"]["name"] if incident["state"] is not None else "",
                    incident["assigned_to"]["name"] if incident["assigned_to"] is not None else "",
                    incident["opened_by"]["name"] if incident["opened_by"] is not None else "",
                    incident["sys_created_on"]
                ]
                for incident in all_incidents
            ]
        save: incidents_rows

      - ppa_tools.generate.html_table:
          header:
            - Number
            - Description
            - Status
            - Assigned To
            - Opened By
            - Created On
        load:
          rows: incidents_rows
        save: incidents_report_table

      # Format the instance & region data into the report template configured at the bottom of the Playbook.
      - format_template:
          key_values:
            icon: "{{ globals.icons.ppa.full }}"
            incidents_report_table: "{{ incidents_report_table }}"
        load:
          template: report_template
        save: formatted_report

      - ppa.ui.output_table:
          text: Incidents with an SLA Breach
          header:
            - Number
            - Description
            - Status
            - Assigned To
            - Opened By
            - Created On
        load:
          rows: incidents_rows

      - ppa.ui.input_confirm:
          text: Send email report?
          confirm: Yes
          cancel: No
        save: send_email_report
        when: interactive

      # Always send the report email if the task was started from a schedule or API call.
      - set:
          name: send_email_report
          value: true
        when: not interactive


  - name: Send Email Report
    when: send_email_report
    actions:

      - ppa.ui.input_email:
          text: Please supply an email address for reporting
        save: recipient
        when: interactive

      - set:
          name: recipient
        load:
          value: payload.email_address
        when: not interactive

      - ppa.ui.output_progress:
          text: Sending email report...
          percent: null
          element_id: sending_email_report

      - ppa.events.send_email:
          subject: PPA - Incidents with SLA Breach Report
          reason: Sending Incidents Report
          recipients:
            - "{{ recipient }}"
        load:
          html: formatted_report

      - ppa.ui.output_progress:
          text: Delivered email with report
          percent: 100
          element_id: sending_email_report


set:
  report_template: >
    <html>
      <head>
          <p style="text-align:center;">
              {icon}
          </p>
          <br/>
      </head>

      <body>
          <p style="text-align: center; font-weight: bold; font-size: 20;">
            Service Now - Incidents with SLA Breach Report
          </p>

          <div style="margin: auto;">
            {incidents_report_table}
          </div>

          <footer>
            <br/>
            <br/>
            <p style="text-align:center;font-weight:lighter;font-size:10;">
              Email generated and delivered by Osirium PPA.
            </p>
          </footer>

      </body>
    </html>

Running this Playbook

Click download playbook
Import the downloaded file via the Playbooks page on PPA
Build the playbook from the Edit & Build tab
Run the playbook from the Preview & Deploy tab

* Requires PPA v2.9.x or newer

Integrations

PPA User Interface
Hashicorp Vault Key-Value engine
ServiceNow Incidents
PPA Tools Generate

Required PPA Configuration

If you run start this task from a schedule or API call, the report will be sent via email.

When started interactively the user will have the choice to email the report.

To email this report you must have SMTP configured in PPA.

Required Vault Details

ServiceNow

Instance Address
OAuth Client ID
OAuth Client Secret
OAuth Refresh Token

As this is a privileged task, the ServiceNow OAuth token must be able to read incidents.

You can run the following command to generate a refresh token once your PPA OAuth Application is registered.

The refresh token will be linked to the supplied username:

curl -d \
    "grant_type=password\
    &client_id=your-client-id\
    &client_secret=your-client-secret\
    &username=your-username\
    &password=your-password" \
    https://your-instance.service-now.com/oauth_token.do

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.

vault-config-wizard

Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

API/Schedule Payload

To run this task from a schedule or API call, you'll need to supply the following in the payload:

Reporting email address

The payload should be in this format:

{"email_address": "example@domain.com"}

You can use the example payload above as a template.

What the Task Does

Interactive

When run interactively this task will:

Display a table of all active ServiceNow incidents with an SLA breach
Ask the user whether to send the report in an email

Schedule/API

When started from a schedule or API call, this task will:

Display a table of all active ServiceNow incidents with an SLA breach
Send the report in an email

See our other playbooks

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express

Documentation

Installation Guide
See how easy it is to get started with our installation guide
Playbooks
View our task writing reference guide
Plugins
See how to integrate with different systems using our plugins reference guide.