Cherwell Service Management

the cherwell service management connector allows for seamless integration with swimlane turbine, enabling the automation of incident and security event management cherwell service management is a comprehensive it service management (itsm) solution that enables organizations to automate service desk operations and manage it services efficiently this connector allows swimlane turbine users to integrate with cherwell, providing streamlined incident management, security event handling, and ticketing capabilities directly within the swimlane platform enhance your security automation workflows with the ability to create, update, close, and retrieve tickets and security events, ensuring rapid response and resolution of it issues and security incidents asset setup or prerequisites to utilize the cherwell service management connector within swimlane turbine, ensure you have the following prerequisites custom authentication with cherwell credentials, which includes cherwell server url the base url for your cherwell service management instance username your cherwell user account name password your cherwell account password api client id the unique identifier for your api client registered in cherwell capabilities the cherwell service management integration provides the following capabilities get current tickets by business object get current tickets for incidents and security events get business object fields create, close, update, or retrieve an incident by id create, close, update, or retrieve a security event by id notes about get current tickets filters list of available operators operator description eq equals specified value gt greater than specified value lt less than specified value contains contains specified value startswith starts with specified value filters can be built as follows field,operator,value for example; incidentid,eq,102401 this filter should be passed to querystrings input field notes incidents or security events in workflow go through these states new incident is created, recorded (initial details), classified, and assigned to an owner assigned incident is assigned to an owner in progress the incident is being investigated/fulfilled and resolved by an owner pending the incident is temporarily paused (stop the clock) resolved the incident has been resolved and is waiting to be closed closed the incident is closed reopened the incident is reopened because the issue was not fixed or reoccurred configurations cherwell asset authenticates using cherwell credentials configuration parameters parameter description type required url the url of the cherwell instance string required username account username string required password account password string required client id api client id string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions close security event closes a specified security event in cherwell service management using the provided seceventid input argument name type required description seceventid string required the unique identifier for the security event that needs to be closed input example {"seceventid" "100577"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} close ticket closes an incident ticket in cherwell service management using the provided incidentid input argument name type required description incidentid string required the unique identifier for the incident ticket that needs to be closed input example {"incidentid" "102999"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} create security event create a new security event in cherwell service management with specified priority, source, date/time, and details input argument name type required description priority string required the priority level of the security event allowed values are low, normal, and high eventsource string required the source or origin of the security event eventdatetime string required the date and time when the security event occurred details string required additional information or description of the security event recid string optional a unique identifier for the security event record eventoperationstypeid string optional the id of the event operations type eventoperationstypename string optional the name of the event operations type createddatetime string optional the date and time when the event was created createdby string optional the name of the person who created the event createdbyid string optional the id of the person who created the event createdculture string optional the culture or language settings under which the event was created lastmoddatetime string optional the date and time when the event was last modified lastmodby string optional the person or system that last modified the event lastmodbyid string optional the identifier of the person or system that last modified the event ownedby string optional the name of the person or team responsible for managing the event ownedbyid string optional the identifier of the person or team responsible for the event ownedbyteam string optional the team responsible for managing the security event ownedbyteamid string optional the identifier for the team managing the event eventoperationsid string optional the identifier of the event operational process reportedby string optional the name of the person or entity that reported the security event reportedbyemail string optional the email address of the person who reported the event reportedbyphone string optional the phone number of the person who reported the event discovery string optional information about how the event was discovered eventci string optional the configuration item related to the security event status string optional the current status of the security event input example {"priority" "string","eventsource" "string","eventdatetime" "string","details" "string","recid" "string","eventoperationstypeid" "string","eventoperationstypename" "example name","createddatetime" "string","createdby" "string","createdbyid" "string","createdculture" "string","lastmoddatetime" "string","lastmodby" "string","lastmodbyid" "string","ownedby" "string","ownedbyid" "string","ownedbyteam" "string","ownedbyteamid" "string","eventoperationsid" "string","reportedby" "string","reportedbyemail" "string","reportedbyphone" "string","discovery" "string","eventci" "string","status" "active","hostname" "example name","srcipaddress" "string","source" "string","level" "string","service" "string","destipaddress" "string","attachedtosecurityincident" "string","citype" "string","networkeventtype" "string","runbookname" "example name","ismssecurityeventid" "string","incidentid" "string","changerequestid" "string","causecode" "string","ownedbyemail" "string","ownedbyphone" "string","requesterid" "string","configurationitemid" "string","eventresponsenotes" "string","cirisk" "string","supportingservicerisk" "string","ismsciriskassessmentid" "string","ciriskassessmentid" "string","lastmodtimestamp" "string","primaryconfigitemrecid" "string"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} create ticket generates a new incident ticket in cherwell service management with details like customer name, description, priority, service, and source input argument name type required description customerdisplayname string required the name of the customer reporting the issue (e g , max megalos) summary string optional a brief summary of the issue description string required a detailed description of the problem (e g , cannot print to network printer) priority string required the urgency of the issue, ranging from low to high service string required the affected service, such as e mail, desktop management, or network services category string optional a broad classification of the issue, covering areas like network access, anti virus, or misc software subcategory string optional a more specific breakdown of the category, such as new account, password reset, or request new computer source string required how the issue was reported, whether via walk in, e mail, phone, or another method lastmodbyid string optional the id of the user who last modified the ticket createdbyemail string optional the email address of the user who created the ticket (e g , mailto\ user\@example com ) comments string optional additional comments or updates about the ticket (e g , withdrawn by henri bryce) recurringincident string optional whether the incident is recurring (e g , 'false') reviewbydeadline string optional a deadline by which the incident should be reviewed (e g , 2/14/2018 12 00 00 am) customertypeid string optional the customer type identifier nextstatusonestep string optional information about the next status step for the ticket ownedbymanager string optional the name of the manager responsible for the ticket (e g , gina mehra) level3escalationteam string optional the team handling the third level escalation (e g , 3rd level support) tasksonhold string optional whether tasks related to the incident are on hold (e g , 'false') nextstatustext string optional the next status text for the incident sla key string optional the service level agreement key (e g , platinum incident) error message string optional any error messages associated with the ticket cidowntimeinminutes string optional the duration of configuration item downtime, in minutes (e g , 300) withdraw string optional whether the incident has been withdrawn (e g , 'false') customersubscriptionlevel string optional the customer subscription level (e g , gold) sctfired string optional whether an sct (service configuration template) was fired input example {"customerdisplayname" "max megalos","description" "cannot print to network printer","priority" "1","service" "account management,conferencing/presentation,desktop management,e mail/calendaring,employee support,enterprise apps, it servicedesk,network services,printing,telephone/fax or web services","category" "network access,cherwell self service,video/audio conferencing,equipment request,computer,os,anti virus,misc software,desktop client,mobile client,browser client,","subcategory" "submit incident","source" "event","lastmodbyid" "93546560c6334c3c105d17437c843b9557775b2e0c","createdbyemail" "user\@example com","comments" "withdrawn by henri bryce on 3/10/2016 7 44 am via the company portal removed from cart by customer ","recurringincident" "false","reviewbydeadline" "2/14/2018 12 00 00 am","customertypeid" "93405caa107c376a2bd15c4c8885a900be316f3a72","nextstatusonestep" "\<trebuchet>\<actioninfodef id=93d969b712f8","ownedbymanager" "gina mehra","level3escalationteam" "3rd level support","tasksonhold" "false","sla key" "platinum incident","cidowntimeinminutes" "300","withdraw" "false","customersubscriptionlevel" "gold","sctfired" "true or false","slaidforci" "93838607346b42be7074af487d9171ea9f948b7204","createdduring" "8 to 5 monday thru friday","approvalblockid" "93838607346b42be7074af487d9171ea9f948b7204","totalstctimeinminutes" "0","ownedby" "josh wilson","closedescription" "had the user reset their password and they were able to login ","slanameforcustomer" "platinum","stat datetimeassigned" "2/18/2019 2 04 02 pm","defaultteam" "1st level support","pendingreason" "pending change request","slaname" "platinum","slaresponsewarning" "2/18/2019 2 17 02 pm","location" "colorado springs","slaresolvebydeadline" "2/19/2019 11 03 00 am","stat datetimeresolved" "2/18/2019 2 15 10 pm","servicecartid" "94158f8a42539e9020253a4eaeb4001971f311bbcd","closedby" "cherwell admin","clonedincident" "true or false","changeid" "93ecd360afc8bf81a79b914d5eba8f20be72a897b1","pendingstartdatetime" "3/18/2019 8 05 00 am","nextstatus" "begin work, set pending, resolve, close, reopen","statusid" "cc7383192e644834b6531d0da56194e5","configitemtypeid" "cc7383192e644834b6531d0da56194e5","stctimeinminutes" "20","lastmodifieddatetime" "12/10/2019 12 11 29 pm","configitemrecid" "93db88a5ec5a67c46945d34b2fa692b603e191c6a2","createddatetime" "2/18/2019 2 02 02 pm","callsource" "walk in or social media or e mail or event or portal or chat session or mobile","majorincidentid" "100577","serviceid" "93838695cf676f6dccef2c42a9a630ed0b8085613f","wascidown" "false","urgency" "high","stat firstcallresolution" "false","lastmodby" "cherwell admin","incidentchildrecid" "93838695cf676f6dccef2c42a9a630ed0b8085613f","clonedincidentid" "100345","slarespondbydeadline" "2/18/2019 2 32 02 pm","slaid" "93838607346b42be7074af487d9171ea9f948b7204","closedon1stcall" "false","impact" "individual or company or whenever possible","stat slaresolutiongood" "true","smartclassifysearchstring" "submit incident or new employee setup","majorincidentrecid" "93d605eb8ffd63610adfb24cf0ac81f502d967098b","linkedproblem" "93db8594ca1d42fd7c59c94302995fbb8d91e69383","totaltasks" "0 0","tasksclosed" "false","portalaffectsmultipleusers" "false","showcontactinformation" "true or false","status" "new,assigned,in progress,pending,resolved,closed or reopened","cidownenddatetime" "2/19/2019 10 48 00 am","type name" "incident","totaltasktime" "0 00","level2escalationcomplete" "true","pendingpreviousstatus" "in progress","slaidforcustomer" "93838607346b42be7074af487d9171ea9f948b7204","stat datetimeresponded" "2/18/2019 2 08 02 pm","requesterdepartment" "administration or sales & marketing or accounting ","incidentchildid" "93546560c6334c3c105d17437c843b9557775b2e0c","busobpublicid" "100576","busobid" "6dd53665c0c24cab86870a21cf6434ae","closeddatetime" "2/19/2019 8 58 03 am","stat datetimeinprogress" "2/18/2019 2 08 02 pm","incidentdurationindays" "0 79","level3escalationcomplete" "true or false","tasksinprogress" "false","incidenttype" "incident","cidownstartdatetime" "2/19/2019 10 48 00 am","majorincident" "true","createdbyid" "9365b5492e73e147d96f0f48cb856c89e3918c5871","recid" "93d605e29a4a79c71cb4584dc1b5d740a1edeea675","specificstypeid" "9398862125defd58a8deea46fe88acc411a96e2b00","cause" "untrained user","stat incidentreopened" "true","busobrecid" "93d605e29a4a79c71cb4584dc1b5d740a1edeea675","servicecatalogtemplatename" "hr process","stat numberoftouches" "59","ownedbyteam" "1st level support","breachnotes" "please describe the delay here 2nd level support didn't check the odbc until the next morning","stat incidentescalated" "false","customerrecid" "9349ef7253eba3a1e516744da5bb4ca82ff8f4157c","configitemdisplayname" "max lap","slaresolutionwarning" "2/19/2019 10 48 00 am","stat datetimeclosed" "2/18/2019 2 30 10 pm","closedbyid" "93546560c6334c3c105d17437c843b9557775b2e0c","level2escalationteam" "2nd level support","createdby" "josh wilson","ownedbyid" "9365b5492e73e147d96f0f48cb856c89e3918c5871","serviceentitlements" "platinum, gold, silver, corporate","stat numberofescalations" "0","statusdesc" "incident is closed","linkedslas" "93838607346b42be7074af487d9171ea9f948b7204","pendingenddatetime" "2/19/2019 10 48 00 am","taskclosedcount" "0","ownedbyteamid" "9365b4e90592c81e3b7a024555a6c0094ba77e8773","incidentdurationinhours" "18 93","cost" "709 00"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} get business object fields retrieves field definitions for a specified business object in cherwell service management using the business object name input argument name type required description busobjname string required specifies the name of the business object for which field definitions are to be retrieved this value should match an existing business object in cherwell service management, such as 'incident' or 'securityevent' the field is required for the action to function properly input example {"busobjname" "incident or securityevent"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} get current incidents retrieve a list of current incidents from cherwell service management without requiring additional parameters input argument name type required description querystrings string optional allows for optional filtering of incidents based on specific criteria for example, to filter incidents with a specific incident id, use incidentid,eq,102401 limit number optional specifies the maximum number of incidents to retrieve in the response this field is optional and helps control the size of the result set input example {"querystrings" "incidentid,eq,102401","limit" 10} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} get current security events retrieve the latest security events from cherwell service management for analysis and tracking input argument name type required description querystrings string optional allows for optional filtering of security events based on specific criteria for instance, you can filter by incident id using incidentid,eq,102401 limit number optional specifies the maximum number of security events to return in the response this optional field helps manage the volume of data returned by the action input example {"querystrings" "incidentid,eq,102401","limit" 10} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} get current tickets retrieve all current tickets from cherwell service management using the specified business object name input argument name type required description busobjname string required the name of the cherwell business object from which tickets will be retrieved querystrings string optional query strings to filter the search the format should be a comma separated list specifying the field, operator, and value limit number optional the maximum number of tickets to retrieve in the response input example {"busobjname" "incident","querystrings" "incidentid,eq,102401","limit" 10} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} get security event by id retrieve detailed information for a specific security event by its unique id in cherwell service management input argument name type required description seceventid string required the unique identifier for the security event that you want to retrieve input example {"seceventid" "100577"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} get ticket by id retrieve detailed information for a specific incident ticket in cherwell service management using the incidentid input argument name type required description incidentid string required the unique identifier for the incident ticket you want to retrieve input example {"incidentid" "100577"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} update incident updates an existing incident in cherwell service management using the provided incidentid input argument name type required description incidentid string required updates an existing incident in cherwell service management using the provided incident id customerdisplayname string optional specifies the display name of the customer description string optional provides a description of the incident or issue priority string optional defines the priority level of the incident service string optional specifies the service involved in the incident category string optional categorizes the type of issue subcategory string optional provides a more specific categorization under the main category source string optional identifies the source of the incident lastmodbyid string optional indicates the id of the user who last modified the incident createdbyemail string optional provides the email address of the user who created the incident comments string optional allows for additional comments or notes on the incident recurringincident string optional specifies if the incident is recurring reviewbydeadline string optional sets a deadline for reviewing the incident customertypeid string optional identifies the type of customer nextstatusonestep string optional defines the next status step for the incident ownedbymanager string optional specifies the manager who owns the incident level3escalationteam string optional indicates the team responsible for level 3 escalation tasksonhold string optional specifies whether tasks are on hold for this incident nextstatustext string optional provides text for the next status update sla key string optional identifies the sla key associated with the incident error message string optional provides an error message, if applicable cidowntimeinminutes string optional tracks the downtime of the configuration item in minutes withdraw string optional indicates whether the incident has been withdrawn customersubscriptionlevel string optional defines the customer's subscription level sctfired string optional tracks if an sct (service catalog template) was triggered input example {"incidentid" "100577","customerdisplayname" "max megalos","description" "cannot print to network printer","priority" "1","service" "account management,conferencing/presentation,desktop management,e mail/calendaring,employee support,enterprise apps, it servicedesk,network services,printing,telephone/fax or web services","category" "network access,cherwell self service,video/audio conferencing,equipment request,computer,os,anti virus,misc software,desktop client,mobile client,browser client,","subcategory" "submit incident","source" "event","lastmodbyid" "93546560c6334c3c105d17437c843b9557775b2e0c","createdbyemail" "user\@example com","comments" "withdrawn by henri bryce on 3/10/2016 7 44 am via the company portal removed from cart by customer ","recurringincident" "false","reviewbydeadline" "2/14/2018 12 00 00 am","customertypeid" "93405caa107c376a2bd15c4c8885a900be316f3a72","nextstatusonestep" "\<trebuchet>\<actioninfodef id=93d969b712f8","ownedbymanager" "gina mehra","level3escalationteam" "3rd level support","tasksonhold" "false","sla key" "platinum incident","cidowntimeinminutes" "300","withdraw" "false","customersubscriptionlevel" "gold","sctfired" "true or false","slaidforci" "93838607346b42be7074af487d9171ea9f948b7204","createdduring" "8 to 5 monday thru friday","approvalblockid" "93838607346b42be7074af487d9171ea9f948b7204","totalstctimeinminutes" "0","ownedby" "josh wilson","closedescription" "had the user reset their password and they were able to login ","slanameforcustomer" "platinum","stat datetimeassigned" "2/18/2019 2 04 02 pm","defaultteam" "1st level support","pendingreason" "pending change request","slaname" "platinum","slaresponsewarning" "2/18/2019 2 17 02 pm","location" "colorado springs","slaresolvebydeadline" "2/19/2019 11 03 00 am","stat datetimeresolved" "2/18/2019 2 15 10 pm","servicecartid" "94158f8a42539e9020253a4eaeb4001971f311bbcd","closedby" "cherwell admin","clonedincident" "true or false","changeid" "93ecd360afc8bf81a79b914d5eba8f20be72a897b1","pendingstartdatetime" "3/18/2019 8 05 00 am","nextstatus" "begin work, set pending, resolve, close, reopen","statusid" "cc7383192e644834b6531d0da56194e5","configitemtypeid" "cc7383192e644834b6531d0da56194e5","stctimeinminutes" "20","lastmodifieddatetime" "12/10/2019 12 11 29 pm","configitemrecid" "93db88a5ec5a67c46945d34b2fa692b603e191c6a2","createddatetime" "2/18/2019 2 02 02 pm","callsource" "walk in or social media or e mail or event or portal or chat session or mobile","serviceid" "93838695cf676f6dccef2c42a9a630ed0b8085613f","wascidown" "false","urgency" "high","stat firstcallresolution" "false","lastmodby" "cherwell admin","incidentchildrecid" "93838695cf676f6dccef2c42a9a630ed0b8085613f","clonedincidentid" "100345","slarespondbydeadline" "2/18/2019 2 32 02 pm","slaid" "93838607346b42be7074af487d9171ea9f948b7204","closedon1stcall" "false","impact" "individual or company or whenever possible","stat slaresolutiongood" "true","smartclassifysearchstring" "submit incident or new employee setup","majorincidentrecid" "93d605eb8ffd63610adfb24cf0ac81f502d967098b","linkedproblem" "93db8594ca1d42fd7c59c94302995fbb8d91e69383","totaltasks" "0 0","tasksclosed" "false","portalaffectsmultipleusers" "false","showcontactinformation" "true or false","status" "new,assigned,in progress,pending,resolved,closed or reopened","cidownenddatetime" "2/19/2019 10 48 00 am","type name" "incident","totaltasktime" "0 00","level2escalationcomplete" "true","pendingpreviousstatus" "in progress","slaidforcustomer" "93838607346b42be7074af487d9171ea9f948b7204","stat datetimeresponded" "2/18/2019 2 08 02 pm","requesterdepartment" "administration or sales & marketing or accouting ","incidentchildid" "93546560c6334c3c105d17437c843b9557775b2e0c","busobpublicid" "100576","busobid" "6dd53665c0c24cab86870a21cf6434ae","closeddatetime" "2/19/2019 8 58 03 am","stat datetimeinprogress" "2/18/2019 2 08 02 pm","incidentdurationindays" "0 79","level3escalationcomplete" "true or false","tasksinprogress" "false","incidenttype" "incident","cidownstartdatetime" "2/19/2019 10 48 00 am","majorincident" "true","createdbyid" "9365b5492e73e147d96f0f48cb856c89e3918c5871","recid" "93d605e29a4a79c71cb4584dc1b5d740a1edeea675","specificstypeid" "9398862125defd58a8deea46fe88acc411a96e2b00","cause" "untrained user","stat incidentreopened" "true","busobrecid" "93d605e29a4a79c71cb4584dc1b5d740a1edeea675","servicecatalogtemplatename" "hr process","stat numberoftouches" "59","ownedbyteam" "1st level support","breachnotes" "please describe the delay here 2nd level support didn't check the odbc until the next morning","stat incidentescalated" "false","customerrecid" "9349ef7253eba3a1e516744da5bb4ca82ff8f4157c","configitemdisplayname" "max lap","slaresolutionwarning" "2/19/2019 10 48 00 am","stat datetimeclosed" "2/18/2019 2 30 10 pm","closedbyid" "93546560c6334c3c105d17437c843b9557775b2e0c","level2escalationteam" "2nd level support","createdby" "josh wilson","ownedbyid" "9365b5492e73e147d96f0f48cb856c89e3918c5871","serviceentitlements" "platinum, gold, silver, corporate","stat numberofescalations" "0","statusdesc" "incident is closed","linkedslas" "93838607346b42be7074af487d9171ea9f948b7204","pendingenddatetime" "2/19/2019 10 48 00 am","taskclosedcount" "0","ownedbyteamid" "9365b4e90592c81e3b7a024555a6c0094ba77e8773","incidentdurationinhours" "18 93","cost" "709 00"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} update security event updates a specific security event in cherwell service management using the provided seceventid input argument name type required description seceventid string required the unique identifier of the security event to be updated priority string optional defines the priority level of the security event possible values are low, normal, high eventsource string optional the source from which the security event was generated eventdatetime string optional the date and time when the event occurred details string optional additional information or details about the security event recid string optional the record id associated with the security event eventoperationstypeid string optional the identifier for the type of operation performed on the event eventoperationstypename string optional the name corresponding to the type of operation performed on the event createddatetime string optional the timestamp of when the security event was created createdby string optional the individual or system that created the security event createdbyid string optional the id of the person or system who created the security event createdculture string optional the cultural settings applied during the event creation lastmoddatetime string optional the timestamp of the last modification made to the event lastmodby string optional the individual or system that last modified the event lastmodbyid string optional the id of the person or system who last modified the event ownedby string optional the owner of the security event ownedbyid string optional the id of the individual or team owning the security event ownedbyteam string optional the team responsible for managing the security event ownedbyteamid string optional the id of the team responsible for the security event eventoperationsid string optional the unique identifier for the operations performed on the event reportedby string optional the person or system who reported the security event reportedbyemail string optional the email address of the individual who reported the event reportedbyphone string optional the phone number of the individual who reported the event discovery string optional information on how the security event was discovered eventci string optional the configuration item (ci) associated with the event input example {"seceventid" "100577"} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" {}} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt