Adds a comment to an incident ticket of a ServiceNow instance.
External DocumentationTo learn more, visit the ServiceNow documentation.

Parameters

ParameterDescription
Incident FieldsA JSON map of fields to apply on the incident.

”urgency”/“impact” fields may contain the values “1” (High), “2” (Medium), “3”(Low).
“assigned_to” field contains the username/ID of the user that the incident will be assigned to.
System IDThe ID assigned to the record.
Table NameThe name of the table, such as “incident” or “asset”.

Example Output

{
	"result": {
		"parent": "",
		"u_vendor_name": "<string>",
		"u_related_edr_record": "<string>",
		"watch_list": "",
		"related_party_users": "<string>",
		"sys_updated_on": "2022-12-21 04:08:52",
		"u_search_id": "<string>",
		"u_source_ip": "<string>",
		"environment_type": "<string>",
		"skills": "<string>",
		"u_mttdrv": "<string>",
		"u_wba_dsep": "<string>",
		"state": "In Progress",
		"sys_created_by": "admin",
		"knowledge": "false",
		"u_subcategory": "<string>",
		"u_incident_type": "<string>",
		"impact": "1 - High",
		"active": "true",
		"auto_created_case": "<string>",
		"log_source_type": "<string>",
		"first_response_time": "<string>",
		"group_list": "",
		"platform_enablement_phase": "<string>",
		"u_vendor_ref_number": "<string>",
		"u_cis_control": "<string>",
		"correlation_display": "",
		"u_mtt_detect": "<string>",
		"u_user": "<string>",
		"follow_up": "",
		"u_customer_reference_number": "<string>",
		"contact_local_time": "<string>",
		"u_customer_declared_incident": "<string>",
		"u_last_additional_comment": "<string>",
		"u_vsoc_detect": "<string>",
		"u_case_type": "<string>",
		"u_alert_time": "<string>",
		"u_planned_start_date": "<string>",
		"story_points": "<string>",
		"priority_changed": "<string>",
		"u_splunk_link": "<string>",
		"u_first_assigned_on": "<string>",
		"u_category": "<string>",
		"partner": "<string>",
		"stage": "<string>",
		"u_reopen_count": "<string>",
		"escalation": "Normal",
		"correlation_id": "",
		"u_exclude_from_torq_auto_closure": "<string>",
		"u_soar_link": "<string>",
		"made_sla": "true",
		"u_destination_ip": "<string>",
		"project": "<string>",
		"u_first_assigned_engineer": "<string>",
		"u_security_incident": "<string>",
		"user_input": "",
		"sys_created_on": "2022-12-21 04:08:52",
		"contact": "<string>",
		"impact_changed": "<string>",
		"route_reason": "",
		"u_event_name": "<string>",
		"closed_at": "",
		"u_dw_correlation": "<string>",
		"follow_the_sun": "<string>",
		"u_qa_notes": "<string>",
		"u_documentation_link": "<string>",
		"business_impact": "",
		"u_agent_type": "<string>",
		"time_worked": "",
		"work_end": "",
		"u_related_mdr_record": "<string>",
		"u_qa_assignee": "<string>",
		"subcategory": null,
		"u_hosts": "<string>",
		"assignment_group": {
			"link": "<string>",
			"value": "<string>"
		},
		"customer_updated_by": "<string>",
		"u_request_issue": "<string>",
		"u_marked_for_sanitization": "<string>",
		"description": "Example long description",
		"proactive": "<string>",
		"u_data_source": {
			"link": "<string>",
			"value": "<string>"
		},
		"u_mtta": "<string>",
		"x_virta_mitre_tactic_list": "<string>",
		"sys_id": "a39da5d387f7d1105e5cfd57dabb35e5",
		"probable_cause": "<string>",
		"urgency": "1 - High",
		"major_case_state": "<string>",
		"u_dw_escalated_by": "<string>",
		"approval": "Not Yet Requested",
		"u_event_time": "<string>",
		"u_soar_incident_id": "<string>",
		"u_dw_mttca": "<string>",
		"project_task": "<string>",
		"internal_user": "<string>",
		"sys_tags": "",
		"u_file_path": "<string>",
		"u_declared_incident_time": "<string>",
		"u_mtti": "<string>",
		"u_mttd": "<string>",
		"u_mttc": "<string>",
		"u_customer_validation_state": "<string>",
		"u_mttn": "<string>",
		"related_party_consumers": "<string>",
		"u_mttca": "<string>",
		"upon_reject": "Cancel all future Tasks",
		"support_manager": "<string>",
		"approval_history": "",
		"u_schedule_type": "<string>",
		"feedback": "<string>",
		"number": "INC0010034",
		"u_destination_port": "<string>",
		"u_mitre_tactic": "<string>",
		"u_mttcw": "<string>",
		"u_mttcv": "<string>",
		"case": "<string>",
		"order": "",
		"u_event_of_interest": "<string>",
		"u_splunk_search": "<string>",
		"u_mttdi": "<string>",
		"contract": "",
		"priority": "1 - Critical",
		"sys_domain_path": "/",
		"u_customer_ack_time": "<string>",
		"business_duration": "",
		"child_case_creation_progress": "<string>",
		"sync_driver": "<string>",
		"u_customer_validation_time": "<string>",
		"x_pd_integration_incident_id": "<string>",
		"universal_request": "",
		"short_description": "Example Incident Title",
		"work_start": "",
		"additional_assignee_list": "",
		"notify": "Do Not Notify",
		"sys_class_name": "Incident",
		"closed_by": {
			"link": "<string>",
			"value": "<string>"
		},
		"reassignment_count": "0",
		"contact_time_zone": "<string>",
		"contributor_users": "<string>",
		"notes_to_comments": "<string>",
		"u_related_fw_record": "<string>",
		"assigned_to": "<string>",
		"u_search_name": "<string>",
		"u_source_hostname": "<string>",
		"product": "<string>",
		"u_customer_assignment_time": "<string>",
		"u_mitre_technique": "<string>",
		"sla_due": "UNKNOWN",
		"u_file_name": "<string>",
		"u_customer_notification_group": {
			"link": "<string>",
			"value": "<string>"
		},
		"u_mttdwv": "<string>",
		"upon_approval": "Proceed to Next Task",
		"partner_contact": "<string>",
		"customer_updated": "<string>",
		"asset": "<string>",
		"u_mitre_sub_technique_list": "<string>",
		"feedback_submitter": "<string>",
		"u_threat_hunt_outcomes": "<string>",
		"u_jira_ref_number": "<string>",
		"sprint_status": "<string>",
		"task_effective_number": "INC0010034",
		"resolved_by": {
			"link": "<string>",
			"value": "<string>"
		},
		"sys_updated_by": "admin",
		"u_mttca_2": "<string>",
		"opened_by": {
			"link": "https://dev125455.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441",
			"value": "<string>"
		},
		"u_suppress_email_notifications": "<string>",
		"sys_domain": {
			"link": "https://dev125455.service-now.com/api/now/table/sys_user_group/global",
			"value": "<string>"
		},
		"u_outcome_severity": "<string>",
		"tuning_recommendation": "<string>",
		"u_mttdwc": "<string>",
		"contributor_groups": "<string>",
		"u_credentials_compromised": "<string>",
		"business_service": "",
		"entitlement": "<string>",
		"u_on_hold_reason": "<string>",
		"u_change_type": "<string>",
		"u_ioc": "<string>",
		"expected_start": "",
		"opened_at": "2022-12-21 04:08:52",
		"x_virta_mitre_mitigation_list": "<string>",
		"resolved_at": "",
		"u_mtt_response": "<string>",
		"u_destination_hostname": "<string>",
		"u_mtt_validate": "<string>",
		"cause": "",
		"calendar_duration": "",
		"close_notes": "",
		"auto_close": "<string>",
		"contact_type": null,
		"u_planned_end_date": "<string>",
		"resolution_code": "<string>",
		"u_related_vms_record": "<string>",
		"u_reporting_device": "<string>",
		"activity_due": "2022-12-21 06:08:52",
		"x_virta_mitre_technique_list": "<string>",
		"comments": "",
		"due_date": "",
		"sys_mod_count": "0",
		"u_file_hash": "<string>",
		"u_mttrv": "<string>",
		"tell_us_how_we_did": "<string>",
		"u_customer_acknowledgement_time": "<string>",
		"u_alert_assignment_time": "<string>",
		"category": "Inquiry / Help",
		"account": {
			"link": "<string>",
			"value": "<string>"
		},
		"u_string_1": "<string>"
	}
}

Workflow Library Example

Forcepoint Dlp on Confidential Email Alert Ask User for Reason and Request Approval
Workflow LibraryPreview this Workflow on desktop