
ServiceNow is one of the most common ITSM solutions in the market. Organizations spend significant time manually creating, triaging, and enriching service tickets – context that already exists in systems like Red Hat Insights but requires manual lookup and copy-paste into ITSM fields. This guide walks through a practical automation use case: creating a ServiceNow incident and enriching it with CVE advisory data from Red Hat Insights, all driven by Ansible Automation Platform.
Operational impact: None (read-only enrichment; no infrastructure changes)
Modern information technology impacts every part of an organization, managing countless tasks and processes. Businesses rely on ServiceNow IT Service Management (ITSM) to coordinate these efforts and deliver customer value.
The Ansible Automation Platform for ServiceNow solution creates “closed-loop” automation between ServiceNow ITSM and Ansible Automation Platform workflows, eliminating the need for manual intervention. The Red Hat Ansible Certified Content Collection for ServiceNow enables Ansible automation workflows to open, close, and update service requests, incidents, problems, and change requests directly within ServiceNow.
With Ansible Automation Platform, you can collect information from existing service tickets, open and close service tickets, and enrich those tickets with data collected across your IT infrastructure. In this guide, we use a CVE example targeting Linux infrastructure.
Ansible Automation Platform – redhat.com
ServiceNow IT Service Management
What makes up the solution?
| Persona | Challenge | What They Gain |
|---|---|---|
| | Manually copying CVE details into tickets; slow triage | Automated ticket creation with CVE context already populated |
| | Inconsistent CVE documentation across incidents | Standardized enrichment from authoritative Red Hat advisory data |
| | Slow incident response; lack of visibility into vulnerability exposure | Reduced MTTR, consistent ticket quality, and measurable enrichment coverage |
Recommended demos and self-paced labs:
Tip: New to Ansible?
These learning paths cover the fundamentals: Foundations of Ansible, Get started with Ansible Playbooks, Get started with the Ansible VS Code extension, and the execution environment build guide.
| Collection | Type | Purpose |
|---|---|---|
| servicenow.itsm | Certified | Create, update, and query ServiceNow incidents, problems, and change requests |
Tip: Not yet an AAP customer?
The collections referenced in this guide are available via Red Hat Hybrid Cloud Console. You can also sign up for a free 60-day trial.
Ansible Playbook
→ Query ServiceNow for existing ticket data
→ Create a new ServiceNow incident
→ Query Red Hat Insights API for CVE advisory details
→ Enrich the ServiceNow ticket with CVE type, description, affected systems, and solution
This workflow starts with basic ITSM operations (reading and creating tickets), then layers in external intelligence from Red Hat Insights to populate tickets with actionable CVE context. Each step is a standalone playbook that can also be chained into an AAP workflow template for end-to-end automation.
Operational impact: None (read-only)
Use the servicenow.itsm.incident_info module to retrieve details from an existing ServiceNow ticket. This is the foundation for any enrichment or follow-up automation.
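```yaml
---
- name: Retrieve ServiceNow ticket details
  hosts: localhost
  gather_facts: false
  vars:
    # Incident number to look up; supply at launch (extra vars or survey)
    ticket_number: ""
  tasks:
    - name: Retrieve incidents by number
      servicenow.itsm.incident_info:
        instance:
          # SN_* connection variables must be supplied at launch
          host: "{{ SN_HOST }}"
          username: "{{ SN_USERNAME }}"
          password: "{{ SN_PASSWORD }}"
        number: "{{ ticket_number }}"
      register: result
      delegate_to: localhost

    - name: Print ticket details
      ansible.builtin.debug:
        msg: "{{ result }}"
```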
Create a job template using this playbook. Save it as “Collect ticket information” and launch it.
Tip: Extend with set_fact or set_stats.
Use ansible.builtin.set_fact to allocate relevant data into Ansible variables, or ansible.builtin.set_stats to persist data between templates in an automation workflow.
Operational impact: Low (creates a new incident in ServiceNow)
Use the servicenow.itsm.incident module to create a new service ticket.
```yaml
---
- name: Create Service Ticket
  hosts: localhost
  gather_facts: false
  vars:
    # ServiceNow connection settings; fill in or override at launch
    SN_HOST: ""
    SN_USERNAME: ""
    SN_PASSWORD: ""
  tasks:
    - name: Create ticket
      servicenow.itsm.incident:
        instance:
          host: "{{ SN_HOST }}"
          username: "{{ SN_USERNAME }}"
          password: "{{ SN_PASSWORD }}"
        state: new
        caller: Admin
        impact: low
        urgency: low
      register: ticket_details
      delegate_to: localhost

    - name: Print ticket details
      ansible.builtin.debug:
        msg: "{{ ticket_details }}"
```
Create a job template using this playbook. Save it as “Create ServiceNow Ticket” and launch it.
Tip: Combine into a workflow.
You can chain Steps 1 and 2 into an AAP workflow template to both create a ticket and gather information in a single automated run.
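One way to wire the two steps together in a workflow, as an added example that is not part of the original guide: the Step 2 playbook publishes the new incident number with ansible.builtin.set_stats under the name ticket_number, which is the variable the Step 1 playbook reads. It assumes the SN_* connection variables are supplied at launch and that the module's return value carries the created incident under record.

```yaml
---
- name: Create Service Ticket and publish its number to the workflow
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create ticket
      servicenow.itsm.incident:
        instance:
          host: "{{ SN_HOST }}"
          username: "{{ SN_USERNAME }}"
          password: "{{ SN_PASSWORD }}"
        state: new
        caller: Admin
        impact: low
        urgency: low
      register: ticket_details

    # Do not hand an empty value to the next node: it would query
    # ServiceNow with a blank incident number.
    - name: Fail early if ServiceNow did not return an incident number
      ansible.builtin.assert:
        that:
          - ticket_details.record.number is defined
          - ticket_details.record.number | length > 0
        fail_msg: "Incident was not created; nothing to pass on"

    # set_stats data becomes a workflow artifact and reaches the next
    # job template as an extra variable, overriding its ticket_number default.
    - name: Hand the incident number to the next workflow node
      ansible.builtin.set_stats:
        data:
          ticket_number: "{{ ticket_details.record.number }}"
```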
Operational impact: Low (creates an enriched incident with CVE details)
This is where the real value emerges. Use ansible.builtin.uri to query the Red Hat Insights API for CVE advisory details, then servicenow.itsm.incident to create an enriched ticket with the advisory type, description, affected CVEs, and recommended solution.
```yaml
---
- name: Gather CVE Details
  hosts: localhost
  gather_facts: false
  vars:
    # Advisory ID and Red Hat credentials; supply at launch (survey or extra vars)
    advisory_id:
    rhsm_username:
    rhsm_password:
    SN_HOST: ""
    SN_USERNAME: ""
    SN_PASSWORD: ""
  tasks:
    - name: Retrieve related CVEs from advisory
      ansible.builtin.uri:
        url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}/systems?page=1&perPage=20&sort=-last_upload&offset=0&limit=20"
        method: GET
        url_username: "{{ rhsm_username }}"
        url_password: "{{ rhsm_password }}"
        force_basic_auth: true
        status_code: 200
      register: cves_list

    - name: Gather CVE details
      ansible.builtin.uri:
        url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}"
        method: GET
        url_username: "{{ rhsm_username }}"
        url_password: "{{ rhsm_password }}"
        force_basic_auth: true
        status_code: 200
      register: cve_details

    # Populate each fact from the advisory response in cve_details.json
    - name: Extract advisory fields
      ansible.builtin.set_fact:
        cve_type: ""
        cves_description: ""
        solution: ""
        cves: ""

    - name: Create enriched incident
      servicenow.itsm.incident:
        instance:
          host: "{{ SN_HOST }}"
          username: "{{ SN_USERNAME }}"
          password: "{{ SN_PASSWORD }}"
        state: new
        caller: ""
        short_description: "New Advisory CVE Type - {{ cve_type }}"
        description: |
          Alert Type: {{ cve_type }}
          CVE: {{ cves }}
          CVE Description: {{ cves_description }}
          Possible Solution: {{ solution }}
        urgency: high
      register: new_incident
```
Create a job template using this playbook. Save it as “Enrich CVE ticket.” Add a survey to capture the CVE advisory number as user input, then launch and provide the advisory ID from Red Hat Insights.
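Because the advisory ID arrives as free-text survey input and is placed directly into the request URL, it is worth validating before any API call. The following added example (not part of the original guide) checks the ID and the response before a ticket is created; the variable advisory_id_pattern is hypothetical, and the pattern assumes only Red Hat errata IDs of the form RHSA/RHBA/RHEA-YYYY:NNNN are expected.

```yaml
---
- name: Enrich CVE ticket (input and response checks)
  hosts: localhost
  gather_facts: false
  vars:
    # Assumption: only Red Hat errata IDs are accepted; widen if needed.
    advisory_id_pattern: 'RH[SBE]A-[0-9]{4}:[0-9]{4,5}'
  tasks:
    # fullmatch rejects anything before or after the ID, including
    # slashes, query strings, and trailing newlines.
    - name: Reject survey input that is not a well-formed advisory ID
      ansible.builtin.assert:
        that:
          - advisory_id is defined
          - advisory_id is string
          - advisory_id is regex(advisory_id_pattern, match_type='fullmatch')
        fail_msg: "advisory_id must look like RHSA-2024:1234"
        quiet: true

    - name: Gather CVE details
      ansible.builtin.uri:
        url: "https://console.redhat.com/api/patch/v3/advisories/{{ advisory_id }}"
        method: GET
        url_username: "{{ rhsm_username }}"
        url_password: "{{ rhsm_password }}"
        force_basic_auth: true
        status_code: 200
      register: cve_details
      # Keep the request and response out of job output; the registered
      # variable is still available to later tasks.
      no_log: true

    # Guards against the "ticket created but description is empty" case.
    - name: Stop before ticket creation if the response is not a JSON object
      ansible.builtin.assert:
        that:
          - cve_details.json is defined
          - cve_details.json is mapping
          - cve_details.json | length > 0
        fail_msg: "Insights returned no usable advisory data for {{ advisory_id }}"
```

The set_fact and servicenow.itsm.incident tasks from the playbook above follow these checks unchanged.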
| Checkpoint | What to verify | Success indicator |
|---|---|---|
| Step 1 output | Ticket data returned | result contains incident fields (number, state, description) |
| Step 2 output | Ticket created | New incident number appears in ticket_details; visible in ServiceNow |
| Step 3 output | Enriched ticket | Incident description contains CVE type, description, affected CVEs, and solution text from Red Hat Insights |
| Symptom | Likely Cause | Fix |
|---|---|---|
| 401 Unauthorized from ServiceNow | Wrong credentials or locked account | Verify SN_HOST, SN_USERNAME, SN_PASSWORD; confirm user has ITSM roles |
| servicenow.itsm module not found | Collection not installed in execution environment | Add servicenow.itsm to your EE requirements; rebuild with ansible-builder |
| Red Hat Insights API returns 403 | Invalid RHSM credentials or missing entitlements | Confirm rhsm_username / rhsm_password; verify Insights subscription |
| Ticket created but description is empty | Variables not passed between tasks | Check set_fact task; ensure register names match downstream references |
| ServiceNow API app not installed | Missing the Red Hat AAP Certified Content Collection API app | Install from the ServiceNow Store |
| Maturity | Description |
|---|---|
| | Gather ticket data and create incidents manually via job templates |
| | Chain steps into AAP workflow templates; enrich tickets with CVE data from Red Hat Insights; add surveys for user input |
| | Integrate Event-Driven Ansible for automatic ticket creation on alerts; update CMDB; attach reports; connect monitoring/observability tools for closed-loop remediation |
This guide demonstrates the lowest-risk entry point for ServiceNow + Ansible automation: reading ticket data, creating incidents, and enriching them with CVE advisory context from Red Hat Insights. Each step builds on the last, from simple data gathering to automated enrichment that reduces manual triage and improves ticket quality. Once comfortable with these patterns, teams can extend to CMDB updates, file attachments, Event-Driven Ansible integrations, and the governed LEAP + MCP execution pattern described in the companion guide.
| Try Ansible Automation Platform | Start a free 60-day trial and build your first automation workflows |
| Red Hat Consulting | Work with Red Hat experts to design, implement, and scale AIOps automation tailored to your environment |
| Training and Certification | Build team skills with hands-on courses and industry-recognized certifications |
