WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows. On Friday, 12 May 2017, a large cyber-attack was launched, infecting over 230,000 computers in 150 countries. The WannaCry ransomware exploits the Microsoft vulnerability MS17-010 [https://technet.microsoft.com/en-us/library/security/ms17-010.aspx] to infect unpatched Windows-based computers. The infection exploits Microsoft's implementation of the Server Message Block (SMB) protocol. Microsoft released a "Critical" advisory, along with an update patch to plug the vulnerability, on 14 March 2017. This patch fixed several workstation versions of the Microsoft Windows operating system, including Windows Vista and Windows 8, as well as server versions such as Windows Server 2008, but not the older Windows XP, according to Microsoft.
While the initial outbreak was suspected to originate from a Spear Phishing attack, the threat expanded by exploiting the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same Local Area Network (LAN).
ServiceNow does not use Windows-based computers in its production environment. As such, there is no direct threat to customer data hosted within ServiceNow’s subscription service. Nevertheless, ServiceNow has implemented IDS signatures, spam filters, and firewall rules to prevent, monitor for, and detect signs of WannaCry-related activity.
VMware vCenter Operations Manager, also known as VCOPS, is a key component of the vCenter operations manager suite. It provides comprehensive visibility and insights into the performance, capacity, and health of managed infrastructures. Evanios has created a packaged integration for vCops that will make it possible for you to receive alerts directly in ServiceNow.
Quickly integrate VCOPS to ServiceNow using Evanios Operations
With Evanios Operations and its pre-packaged rules for VCOPS, our solution is able to integrate with ServiceNow in no time. The package contains out-of-the-box rules that map VCOPS alerts to ServiceNow fields. When an alert occurs in VCOPS, an SNMP trap is sent to the Evanios Agent. The Evanios Agent maps these traps into Evanios Events and sends the event details to ServiceNow so they can be dealt with accordingly. Once Evanios Operations is installed on your ServiceNow instance, you can tailor these rules or define new rules to fit your business needs.
Let's take a look at the vCops dashboard:
What does a vCops alert look like in ServiceNow?
Now that you have successfully integrated Evanios Operations as an event management layer between vCops and ServiceNow, let's see what a vCops event mapped to ServiceNow looks like:
Now that the SNMP trap event has been mapped to Evanios Operations, here is a look at an incident in ServiceNow from vCops events:
The out-of-the-box rules that are packaged with the VCOPS integration map the cryptic SNMP trap received from VCOPS into the common event format, which is readable and understandable by a night shift operator. The severity of the event is mapped based on the VCOPS severity, and when a reset is sent from VCOPS, the event is automatically closed in Evanios Operations and the incident ticket is updated.
For more information on how this simple integration works and to learn how to get started on your own integration, see our documentation.
Why Integrate VCOPS to ServiceNow through Evanios Operations?
Many of our customers have leveraged Evanios Operations to integrate VCOPS events into ServiceNow. Evanios Operations is an event and operations management solution that runs directly on ServiceNow. It collects events from your monitoring solutions and acts as a manager for them. With Evanios Operations you get an overall view of your IT environment where events can be de-duplicated, correlated and acted upon.
Our Event Management solution is a ServiceNow application, which is able to leverage ITSM data from other applications. The response to an event can be changed based on its definition in the CMDB or what business services it might impact. The response can be handled differently if you are in the middle of an active scheduled change. Because let’s face it: no one wants to get a wake-up call for a scheduled change.
When you put an Event Management layer between the monitoring systems and ServiceNow’s incident application, it provides a more effective way to create tickets in the service desk and meaningful incidents. But the reasons for using Evanios Event Management don’t stop there – its processes are defined in ITIL v3 Service Operation and offer a more in-depth explanation.
Where do I go from here?
Learn how you can download and deploy the Evanios Integrations solution or our robust Evanios Operations Event Management platform for free.
Please remember, we are currently enrolling customers into our software preview program for the demo we showed you to get better service desk cost transparency and insights. If you are interested please email firstname.lastname@example.org to get more information about the program.
Call for topics! ServiceNow Texas community members – North Texas, South Texas, Central Texas!
We are planning our next Texas User Groups, targeting early September, and would like to understand which topics you are interested in hearing about. We have preselected four key topics (listed below) that were presented during the breakouts at Knowledge 13, our annual user conference, which took place on May 12 – May 16, 2013 in Las Vegas.
Topic 1: Conducting an IT Symphony with ServiceNow Orchestration
Topic 2: What is new in Calgary – the latest release of ServiceNow
Topic 3: Debugging and Troubleshooting ServiceNow
Topic 4: Catalog/Request 201: Take your Service Catalog to the next level
Topic 5: Please provide a topic that you would like to hear about that is not listed above.