Installation and Setup - Alert Sync

Cookdown Alert Sync for ServiceNow is made up of two pieces, a SCOM management pack and a ServiceNow app. They are installed and configured to talk to each other to sync Alerts and raise Incidents.


Before you get stuck in make sure you have the following:

  1. A valid Cookdown Alert Sync product license key
  2. A ServiceNow service account that SCOM can use to connect to ServiceNow with
  3. ServiceNow admin credentials (to install the ServiceNow app with)
  4. SCOM admin credentials (to install the SCOM MP with)



There are two management packs to install into SCOM:

  • Cookdown ServiceNow Connector
  • Cookdown Licensing

Both Management Packs are installed like any other management pack following the standard Microsoft import from disk steps here. After installation, close and re-open the SCOM console.

Note that the Cookdown ServiceNow Connector contains multiple products (Alert Sync and Mapping) and what is available to use depends on what you have a license activated for and that the Licensing Management Pack is shared between all Cookdown products that are licensed in SCOM. This means that if you already have a copy of the Cookdown Licensing and/or Cookdown ServiceNow Connector Management Packs installed you have nothing else to install into SCOM.


The Cookdown SCOM Connector app is a free download from the ServiceNow App Store. Install it from there. Direct link to Store app.


The Cookdown SCOM Connector adds 3 tables. From Madrid onwards, ServiceNow license additional tables added to your instance so may charge you for their addition, but typically a table allocation is included in your ServiceNow ITOM or ITSM subscription. For more info contact your ServiceNow representative.

ServiceNow Setup

Once the ServiceNow app has been installed you need to

  1. To set up some Incident Creation Rules.
  2. To create a service account for SCOM to use when connecting to ServiceNow
  3. Set the Caller ID in ServiceNow that you want Incidents to be raised using

Incident Creation Rules

To do this go to Cookdown Alert Sync > Incident Creation Rules

To understand Incident creation rules please read this article

To get you started, create an Incident creation rule to create incidents for all received alerts as per the below screenshot (replacing the Configuration Item and Assignment Group as appropriate for your ServiceNow instance):

Service Account

For SCOM to be able to connect to ServiceNow, a service account needs to be created. To do this, in ServiceNow:

  1. Navigate to User Administration > Users
  2. Hit New
  3. Add a sensible user ID and enter a password
  4. Hit submit
  5. Find the account you just created and click it
  6. Add  the "x_oklt_cookdown_sc.scom_sync_service" and "ITIL" roles and hit Save

Set Caller ID and SCOM Object ID field

  1. In ServiceNow search for Users
  2. Find the service account you created and load it
  3. right-click in the grey bar and hit "Copy  sys_id"
  4. Navigate to Cookdown SCOM Connector > Cookdown Configuration
  5. Paste the SysID you just copied into the first box
  6. Input the field you plan to use for the connector to automatically assign the correct CI to Incidents created. Note automatically mapping CIs will only work if you have our Discovery and Alert Sync products. Read more here.
  7. Check the "Allow contains for SCOM Object Id Search" box if the SCOM Object ID is stored in a field with other items rather than a field that simply contains this ID


    Note that use of the contains search is more load intensive on your ServiceNow instance so while we provide this functionality, we recommend you store the SCOM Id in a field by itself

  8. Configure how many days worth of SCOM alerts you would like to be stored in ServiceNow. Note that SCOM alerts age is judged by the time it was raised in SCOM rather than the time it was pushed to ServiceNow. While there is no charge from ServiceNow from storing more SCOM alerts in your ServiceNow instance, the performance of your instance may start to degrade if you keep hold of a large number of alerts. Work with your ServiceNow representative for expectations on what is reasonable as performance expectations will vary based on your instance's configuration.
  9. Once your settings are correct click Save

  10. Save the record

SCOM Setup

After Installing the Management Pack you will see some extra nodes appear in the SCOM Console's Administration pane:

Click the Alerts Node and after activating a valid license, you will be shown the setup screen:

Follow the below steps to configure the Alert Sync portion of the ServiceNow Connector

License Alert Sync

  1. in the Administration pane navigate to ServiceNow Connector - Cookdown
  2. Select Cookdown Licensing from the Actions pane on the right-hand side of the screen
  3. Paste in your license key and click Apply License - note that this requires internet access from your SCOM console to succeed
  4. If you don't have internet access on your SCOM console, hit the link at the bottom of this screen and paste in the JSON from your license file and click Apply License
  5. Once your license has been activated you will see a success message and the licensing screen will update with the product(s) licensed, the feature set you are licensed for, and the license expiry. Once a license has been applied, close Cookdown Licensing and the Alerts node will display the product's settings.
  6. If you dont have a license file, contact to get one.

Setup Run As Account and Profile

  1. In the SCOM Console go to the Administration pane, expand Run As Configuration, Right click Accounts, and select "Create Run As Account..."
  2. Select the type of Run As account to create (EG Basic Auth), Give a display name and a description
  3. Input your ServiceNow credentials
  4. Select your preferred Distribution model (we recommend the "more secure" option and have written this guide based around this option being chosen)
  5. Click Create
  6. Close the Wizard when it completes and navigate to Run As Configuration > Profiles
  7. Find the "Cookdown: Alert Sync for ServiceNow" profile (which is created when you install our Management Pack) and click Properties from the Actions pane
  8. Skip through the wizard to the "Run As Accounts" page and click Add
  9. Select the Run As Account you just created and ensure "All targeted objects" is selected at the bottom of this screen then hit OK
  10. Click Save at the bottom of the wizard and then ensure the credentials are distributed to all SCOM Management Servers by clicking on the Run As account you created on the screen presented and then adding in the needed computers by clicking Add
  11. While you can choose to distribute these machines anyway you like, we recommend adding the Cookdown ServiceNow Connector Resource Pool (which is added when the Management Pack is installed). This resource pool is by default set to automatic membership and contains all management servers in your management group. Using this group ensures that the credentials are distributed to any future Management Servers you might bring online.
  12. Confirm all open wizard dialogues and navigate to ServiceNow Connector - Cookdown > Alerts. You should see confirmation that your Run As account is configured correctly

ServiceNow Instance Name/URL and Connector Setup

  1. Navigate to ServiceNow Connector - Cookdown > Alerts and input your ServiceNow instance name
  2. The ServiceNow Instance URL will auto-generate but if the generated URL is incorrect please overtype the generated URL with the correct one
  3. Click Create Connector
  4. Input your Connector Name, Display Name, and Description and choose whether to send all Alerts to ServiceNow from SCOM or customize which Alerts are sent from SCOM to ServiceNow.
  5. Click Test Connection (which tests basic connectivity to ServiceNow) and when the test passes hit Save Settings - note that this is critical as settings are not saved automatically and will be lost if you navigate away from the Alerts node without saving
  6. Navigate to Product Connectors > Internal Connectors, hit F5 to refresh the connectors list, pick the connector you just created and select Properties in the Tasks pane
  7. If you picked "All Alerts" in step 5, check a subscription is shown, if you picked "Customize" in step 5 hit Add to create a new subscription
  8. Give the subscription a name and description
  9. Select the groups that the subscription is approved for
  10. Select the desired alert forwarding behavior
  11. Set the criteria used by SCOM to forward Alerts based on and hit create
  12. We recommend you tune SCOM with Easy Tune rather than filter out Alerts at the connector level as these settings are too crude to be effective though there are some use cases where having these options would be useful

Global Enable/Disable, Sync interval and Alert closing behavior

After completing the above there are a few final options you can choose to customize and a global enable/disable toggle to flip

  • Enabled - when checked alerts are pushed to our ServiceNow app's "SCOM Alerts" table, when unchecked no Alerts are pushed/synced. We recommend completing setup before enabling Alert Sync
  • Enabled Event Management - when checked alerts are pushed to Event Management as Events.


    SCOM alerts can be pushed to both our store app and event management at the same time if both enable settings are checked - this is useful for migrating to/from Event Management.

  • Interval Seconds - the frequency at which SCOM Alerts are synced with ServiceNow. Default value = 120 secs, minimum value = 60 secs
  • Bidirectional Sync - if checked ServiceNow data is synced to SCOM's Custom Fields. If unchecked data from SCOM is synced to ServiceNow only.


    Bidirectional sync stores data in SCOMs CustomFields, so be sure nothing is stored in the CustomFields before enabled (or we will overwrite existing data in these fields)

    More on Bidirectional sync default behavior on this page.
  • Allow Alerts to be closed by ServiceNow - If checked, when a ServiceNow incident is closed, the SCOM Alert that generated it is also closed. This setting will be greyed out unless "Bidirectional Sync" is enabled, Bi-directional sync is a dependency for Alerts to be closed by ServiceNow
  • Allow Resetting Monitor Monitor Health State- if checked, when an Incident is closed from ServiceNow and the workflow that generated the alert is a Monitor one, Alert Sync will close the monitor alert and reset the monitor. If the monitor is still outside of its thresholds a new Alert and Incident will be raised. This setting will be greyed out unless "Bidirectional Sync" + "Allow Alerts to be closed by ServiceNow" are checked, these features are dependencies.

Proxy Support

Please see our dedicated proxy support article here.