Set conditions for when Carbon Black Cloud alerts should automatically generate ServiceNow Incidents or ServiceNow Security Incidents for the ITSM and SecOps Apps, respectively. If you do not want to create incident creation criteria, skip this step.

Continue after Step 3 of Configure Alert Filtering for ITSM and SecOps Apps (Optional).

Note: To change this configuration after the initial setup, go to VMware Carbon Black Cloud > Configurations and click Incident Creation.

Prerequisites

Create a ServiceNow Configuration Profile

Procedure

  1. To create an automatic incident, select the Apply Incident Creation checkbox and supply the condition in the Incident Creation field.
  2. To get a suggested default value for any setting, click the Apply Defaults button.
  3. Verify the default value settings.
  4. To set custom criteria for automatic alert creation, select an Incident Condition field. Provide corresponding values to meet the condition.

    Set custom criteria for automatic alert creation

  5. To add more conditions, provide OR and AND operations.
  6. Click Add Criteria to add more conditions.
  7. Click Next.
    Note: Only a user who has the application admin role can delete alerts. When alerts are manually deleted and an incident is already associated to that alert, the user must manually manage the incident.

What to do next

Configure Alert Aggregation for ITSM and SecOps Apps (Optional)