In a previous article I wrote about a Slack App that I wrote as a proof of concept to prove the value of Slack. This app was developed at the request of my manager who told me to show executive management how we can automate some of our workflows as well as help our customers engage with our services in a better way. In the other article I wrote about interacting with MISP and VirusTotal, while these are likely more useful from an analyst perspective they have been done before.
The next interaction I wanted to add was the ability for a Slack user to be able to interact with our newly selected ITSM, ServiceDesk Plus MSP.
ServiceDesk Plus MSP
ServiceDesk Plus MSP (SDPM) by ManageEngine is an interesting piece of software. It is almost the same as the non-MSP version, ServiceDesk Plus but it isn’t. There are features in MSP such as the concept of an account that aren’t in ServiceDesk Plus. Conversely there are features such as SAML SSO support that aren’t in MSP. Honestly it is sort of odd, they look and feel like the same product but aren’t. The APIs are a bit different, the authentication is a bit different, configuration is a bit different, etc
The SDPM APIs are documented here, they focus primarily on the “requests” (aka tickets) functionality. Manage Engine does seem to be adding additional modules with each release but not nearly as quickly as I find useful. The positive thing with this is that ServiceDesk Plus uses a database backend which you can query directly if need be. The demo instance has a Postgres DB baked in, however you can choose other databases when you install into production.
I created another python file to house the ServiceDesk code. This code can be found in my slackapp Github repo.
A few gotchas that weren’t well documented. Depending on the query type (GET, POST, etc) changes what values need to be passed as either params or data to the query. This isn’t documented at all that I could find!
Another issue I ran into is that ServiceDesk Plus MSP provides a web-based API testing interface that allows you to send in JSON and see the response. This sounds great and it would have been a huge help, if it actually worked. The webpage doesn’t know how to send the correct values in the correct location either! It kept giving an error about expecting the correct XML. This error is actually misleading as ServiceDesk Plus MSP has deprecated v1 of the API which was XML based in favor of v2 which uses JSON.
Once these two items were solved it was smooth sailing for the app. I was very quickly able to create two POC style workflows that allows the Slack app to do a few items, create a ticket, list tickets, list customers and get tickets for those customers.
Since this was simply a POC this level of integration is all that was required. However, it would be extremely easy to expand this to include ticket comments (notes in ServiceDesk Plus) which is where the real power of the Slack app would come in. Allowing a customer or user to have a one stop location where they can not only access their ticket info but also pull other information that we have is very useful.