• Name - The name of your creation rule.

  • Ideally, this will give you an idea of what it does at a glance.

• Processing Order - Determines the order that creation rules are evaluated.

  • This is a positive integer with lower numbers indicating a higher priority.

  • A Creation Rule with a Processing Order of 1 (the highest priority) will be evaluated against an alert before a Creation Rule with a Processing Order of 100.

  • Once an alert is matched to a Creation Rule no other rules will be evaluated.

  • Must be unique.

• Description - A friendly description of the Creation Rule.

• Alert Condition - The condition that an incoming SCOM alert must meet to match against this rule.

  • Covered in more detail in the next section.

• Active - Specifies whether this Creation rule is active or not.

  • Defaults to false.

• Wait Rule - Specifies if this should be a Wait Rule or not.

  • Covered in more detail here.

  • Defaults to false.

Creation Rules contain the Alert Condition field which defines the criteria used to match alerts to the rule by their properties. When an alert matches an Alert Condition it is assigned to that Creation Rule. If an alert does not match the Alert Condition, it will be passed on to the Creation Rule next in the processing order until it matches a Creation Rule or no Creation Rules are left to match against.

They use the Standard ServiceNow picker so can be created using logical AND or OR clauses. If using an AND clause all of the selected conditions must be true to match the rule, if using an OR clause any of the selected conditions. They can be used in conjunction with each other to create more complex conditions.

All Creation rules require some sort of criteria to match against an alert. Should you wish every alert to match a particular rule, the usual approach would be to set the filter to 'Alert ID is not empty' as there should be no real alert that fails to match this condition (though does allow you the flexibility to test Creation Rules in isolation).

• Record Type - The type of record that you would like to create. Options currently include:

  • Incident (Default)

  • Problem

  • Change Request

  • Change Task

  • Service Task

  • Catalog Task

  • Task

• Caller - The caller associated with the created record

  • Defaults to your service account

• Contact Type - The contact type of your created record

• Category - The category of your created record

• Subcategory - The subcategory of your created record (depends on Category)

• Automatically Map CI - If Enabled attempt to match to Configuration Items automatically

  • Requires our Discovery product

  • Further information is available here

• Configuration Item/Fallback Configuration Item - A statically defined configuration item

  • When Automatically Map CI is not enabled this will apply to every record created by this rule

  • When Automatically Map CI is enabled this will apply if a matching CI cannot be found

• Impact - The impact level of your created record

• Urgency - The urgency level of your created record

• Assignment Group - The group that this record will be assigned to

• Assigned to - The user that this record will be assigned to

  • If Assignment Group is set the Assigned to field will scope to members of that group

• Company - The company that this record will be assigned to

  • If using Domain separation this is an easy way of tagging the required domain

1. Log in to ServiceNow, search for “Cookdown“ and select 'Creation Rules'

2. Select 'New'

3. Set a Name

   1. This should be concise but descriptive

4. Tick the 'Active' checkbox

5. Set a Processing Order

   1. For example 50

6. Set an Alert Condition

   1. 'Alert Id is not empty' is a great way of selecting all alerts

   2. 'Resolution State is not Closed' is a great way of testing filtering

7. Under ‘Incident / Task Creation’ set the Record Type to 'Incident'

8. Set an Assignment Group and/or Assigned To value

   1. For testing purposes, we recommend assigning to yourself to minimize any impact

1. Name - SQL Alerts

2. Active - True

3. Processing Order - 10

4. Alert Condition - [Monitoring Object Display Name] [contains] [SQL]

5. Record Type - Incident

6. Configuration Item - MSSQLSERVER

7. Assignment Group - SQL Team

The rest of the properties are left in their default state.

1. Name - Generic Infrastructure

2. Active - True

3. Processing Order - 50

4. Alert Condition - [Alert Id] [Is not empty]

5. Record Type - Incident

6. Configuration Item - Infrastructure Services

7. Assignment Group - Infrastructure Triage Team

The rest of the properties are left in their default state.

Wait Rule: Unless this box is checked, the rule is a Creation Rule. Check this box to make the wait rule. Doing this will disable Advanced Creation and Advanced Updates scripting options and remove Configuration Item and Assignment Group options (as they don't apply to wait rules)

Name: the name of the wait rule you are creating

Alert Condition: The condition that an incoming SCOM alert must meet to match this rule. The conditions available are the same as those for Creation Rules.

Wait Duration: How long the SCOM alert should be held before being evaluated against other rules on a lower priority (processing order)

Description: A friendly description of the Wait Rule

Active: Specifies whether this Rule is active or not (default is inactive)

Processing order: The order that this Rule is processed. Lower numbered rules are processed first (IE 1 is the highest priority), an alert can flow through a single wait rule only before hitting a Creation Rule. ServiceNow will not process lower priority rules once it has found a match on a higher priority one.