Skip to content

Instantly share code, notes, and snippets.

@cmcdevitt
Last active January 21, 2021 19:58
Show Gist options
  • Select an option

  • Save cmcdevitt/24f660eda34a2dd9e5bebd4ca543b099 to your computer and use it in GitHub Desktop.

Select an option

Save cmcdevitt/24f660eda34a2dd9e5bebd4ca543b099 to your computer and use it in GitHub Desktop.
Scripted REST Web Service
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
var caller; //Manadatory ServiceNow User
var cmdb_ci; //Manadatory Varies need to provide list
var shor_description; //Manadatory text 40 charters
var company; //Manadatory "xxx | xxxx | xxx | xxxx"
var requestBody = request.body;
var requestData = requestBody.data;
if(requestData instanceof Array){
//test for multiple body objects / JSON To-do loop through incoming object?
caller = requestData[0].caller;
contact_type = requestData[0].contact_type;
cmdb_ci = requestData[0].cmdb_ci;
company = requestData[0].company;
description = requestData[0].description;
short_description = requestData[0].short_description;
u_rq_ticket_id = requestData[0].u_rq_ticket_id;
u_rq_caller = requestData[0].u_rq_caller;
u_rq_source = requestData[0].u_rq_source;
u_rq_priority = requestData[0].u_rq_priority;
u_rq_category = requestData[0].u_rq_category;
u_rq_subcategory = requestData[0].u_rq_subcategory;
//u_rq_close_code = requestData[0].u_rq_close_code;
u_rq_opened = requestData[0].u_rq_opened;
u_rq_assignment_group = requestData[0].u_rq_assignment_group;
u_rq_assigned_to = requestData[0].u_rq_assigned_to;
u_rq_child_ticket = requestData[0].u_rq_child_ticket;
u_rq_detection_source = requestData[0].u_rq_detection_source;
//u_rq_close_by = requestData[0].u_rq_close_by;
//SIEM Data
u_event = requestData[0].u_event;
u_source_ip = requestData[0].u_source_ip;
u_source_url = requestData[0].u_source_url;
u_source_port = requestData[0].u_source_port;
u_source_host = requestData[0].u_source_host;
u_source_domain = requestData[0].u_source_domain;
u_source_geo = requestData[0].u_source_geo;
u_file_name = requestData[0].u_file_name;
u_file_path = requestData[0].u_file_path;
u_process_name = requestData[0].u_process_name;
u_log_source = requestData[0].u_log_source;
u_act = requestData[0].u_act;
u_offense = requestData[0].u_offense;
u_destination_ip = requestData[0].u_destination_ip;
u_destination_url = requestData[0].u_destination_url;
u_destination_port = requestData[0].u_destination_port ;
u_destination_host = requestData[0].u_destination_host;
u_destination_domain = requestData[0].u_destination_domain;
u_impacted_user = requestData[0].u_impacted_user;
u_destination_geo = requestData[0].u_destination_geo;
u_malware = requestData[0].u_malware;
u_filehash = requestData[0].u_filehash;
u_mac_address = requestData[0].u_mac_address;
}else{
caller = requestData.caller;
contact_type = requestData.contact_type;
cmdb_ci = requestData.cmdb_ci;
company = requestData.company;
description = requestData.description;
short_description = requestData.short_description;
u_rq_ticket_id = requestData.u_rq_ticket_id;
u_rq_caller = requestData.u_rq_caller;
u_rq_source = requestData.u_rq_source;
u_rq_priority = requestData.u_rq_priority;
u_rq_category = requestData.u_rq_category;
u_rq_subcategory = requestData.u_rq_subcategory;
//u_rq_close_code = requestData.u_rq_close_code;
u_rq_opened = requestData.u_rq_opened;
u_rq_assignment_group = requestData.u_rq_assignment_group;
u_rq_assigned_to = requestData.u_rq_assigned_to;
u_rq_child_ticket = requestData.u_rq_child_ticket;
u_rq_detection_source = requestData.u_rq_detection_source;
//u_rq_close_by = requestData.u_rq_close_by;
//SIEM Data
u_event = requestData.u_event;
u_source_ip = requestData.u_source_ip;
u_source_url = requestData.u_source_url;
u_source_port = requestData.u_source_port;
u_source_host = requestData.u_source_host;
u_source_domain = requestData.u_source_domain;
u_source_geo = requestData.u_source_geo;
u_file_name = requestData.u_file_name;
u_file_path = requestData.u_file_path;
u_process_name = requestData.u_process_name;
u_log_source = requestData.u_log_source;
u_act = requestData.u_act;
u_offense = requestData.u_offense;
u_destination_ip = requestData.u_destination_ip;
u_destination_url = requestData.u_destination_url;
u_destination_port = requestData.u_destination_port ;
u_destination_host = requestData.u_destination_host;
u_destination_domain = requestData.u_destination_domain;
u_impacted_user = requestData.u_impacted_user;
u_destination_geo = requestData.u_destination_geo;
u_malware = requestData.u_malware;
u_filehash = requestData.u_filehash;
u_mac_address = requestData.u_mac_address;
}
//Test ACG manadatory fields
//Manadatory: Caller, Configuration Item, Short Description, Company
//ToDo Caller should be an ACG account
var missingMandatoryFields = [];
if(caller === ""){
missingMandatoryFields.push('caller');
}
/*
if (cmdb_ci === ""){
missingMandatoryFields.push('cmdb_ci');
}
*/
if (short_description === ""){
missingMandatoryFields.push('short_description');
}
if (company === ""){
missingMandatoryFields.push('company');
}
if(missingMandatoryFields != 0){
var errorString = 'The requst is missing the following manadatory field(s): ';
missingMandatoryFields.forEach(function(element) {
errorString += element + " , ";
});
return new sn_ws_err.BadRequestError(errorString);
}
//Create Security Incident
var incidentSysID = '';
try{
var gr = new GlideRecord('sn_si_incident');
gr.initialize();
gr.caller = caller;
gr.contact_type = contact_type;
gr.cmdb_ci.setDisplayValue(cmdb_ci);
//gr.company = company;
gr.company.setDisplayValue(company);
gr.description = description;
gr.short_description = short_description;
gr.u_rq_ticket_id = u_rq_ticket_id;
gr.u_rq_caller = u_rq_caller;
gr.u_rq_source = u_rq_source;
gr.u_rq_priority = u_rq_priority;
gr.u_rq_category = u_rq_category;
gr.u_rq_subcategory = u_rq_subcategory;
//gr.u_rq_close_code = u_rq_close_code;
gr.u_rq_opened = u_rq_opened;
gr.u_rq_assignment_group = u_rq_assignment_group;
gr.u_rq_assigned_to = u_rq_assigned_to;
gr.u_rq_child_ticket = u_rq_child_ticket;
gr.u_rq_detection_source = u_rq_detection_source;
//gr.u_rq_close_by = u_rq_close_by;
//SEIM Data
gr.u_event = u_event;
gr.u_source_ip = u_source_ip;
gr.u_source_url = u_source_url;
gr.u_source_port = u_source_port;
gr.u_source_host = u_source_host;
gr.u_source_domain = u_source_domain;
gr.u_source_geo = u_source_geo;
gr.u_file_name = u_file_name;
gr.u_file_path = u_file_path;
gr.u_process_name = u_process_name;
gr.u_log_source = u_log_source;
gr.u_act = u_act;
gr.u_offense = u_offense;
gr.u_destination_ip = u_destination_ip;
gr.u_destination_url = u_destination_url;
gr.u_destination_port = u_destination_port ;
gr.u_destination_host = u_destination_host;
gr.u_destination_domain = u_destination_domain;
gr.u_impacted_user = u_impacted_user;
gr.u_destination_geo = u_destination_geo;
gr.u_malware = u_malware;
gr.u_filehash = u_filehash;
gr.u_mac_address = u_mac_address;
//Now Create the Security Incident and save sys_id to lookup Security Incident Number
incidentSysID = gr.insert();
} catch(e){
var error = new sn_ws_err.ServiceError();
error.setStatus(500);
error.setDetail("Create Record Failed");
error.setMessage("Failed to create (Short Description):" + short_description);
//Write to Log
gs.error("Failed to create Security Incident: " + e.message);
//Send HTTP 500 Stautus
return error;
}
//Loookup newely created Security Incident so we can send it back in the response
var incidentNumber = '';
try{
var grlu = new GlideRecord('sn_si_incident');
grlu.initialize();
grlu.addQuery('sys_id','=',incidentSysID);
grlu.query();
if(grlu.next()){
//gs.error("Inside next()" + grlu.number + " : " + grlu);
//this is where we return the result, i.e. the Security Incident Number
//var num = grlu.number;
//var incNum = {'Security Incident:' : grlu.number.toString()}; //Return object
//var incNum = "Security Incident " + grlu.number; //This works becouse num is cast into a string
var incNum = grlu.number.toString();
response.setStatus(201);
return incNum;
}else{
//Send sys_id if we can't find the security incident
return incidentSysID;
}
}catch(e){
var error = new sn_ws_err.ServiceError();
error.setStatus(500);
error.setDetail("Failed to find newely created Security Incident");
error.setMessage("Failed to find:" + short_description);
gs.error("Failed to find sys_id: " + incidentSysID + " : " + e.message);
//Send 500 Error
return error;
}
})(request, response);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment