okay good evening and welcome to phil goes deep it has been a number of months since i did anything on the uh youtube channel uh no live streaming for probably over five months now so i'm just going to apologize for any technical difficulties anything that goes wrong i will not be uh surprised hopefully the levels are okay if you hit up in the chat any problems with audio i've shared a link to the servicenow community for this project so anyone who's seen the channel before knows i focus on servicenow grc and this project is a little bit different what i'm planning to do and this might not end up working out but what i'm planning to do is to see if we can convert grc over to flow designer so there are some areas that are already doing flow designer in grc as of version 10.1 i think the policy policy exceptions i've already got some flows in there so i'm just going to fire up my instance and get started see what happens i am using new york so um i don't have all the latest features just yet let me see what's going on i was getting a message on the tube on youtube saying uh the resolution is not optimal i think the audio levels are okay um but i think you may be getting a little bit a little bit of my breathing in there so i hope that's not not too much of a problem just going to move myself down into the corner okay let's see transitions are working and this is the article i've posted onto the community so please like this and bookmark it add comments any ideas any feedback in there and then i'll just share this as and when i'll try and schedule the um youtube streams ahead of time give everyone a bit of notice if you are interested in this but we'll just see what happens just check are we flowing just checking stream manager on youtube yeah it seems to be working i think they're just falling out of sync so apologies apparently there's an easy way to cut this down so if we've got anything useful that comes out of this we'll chop it up but this is my instance as i say i'm running just do stats.do one in new york there so let's switch over i've got advanced risk turned on i've got policy and compliance risk management workbench a couple of accelerators advanced dashboards and we've got a new release of grc due in the next few weeks i think that's going to be interesting so i'll try and bring that into this as well i'm going to fire up an update set local update sets and call this full flow grc full flow so i'm going to start with the profiles app because that's central okay if you maybe we will do a little diagram as well try and keep track i didn't want to do one drive do device and create a new diagram so if you know grc you've got profiles grc profiles which is smgrc scope we're going to hit up things like issues and indicators entities all of the entity stuff so entity types entities classes what else we've got in their filters so let's see what else do we have issues obviously remediation tasks sitting here so i'm going to start with this because it's central let's see how it goes and i'm going to start targeting things like business rules and one of the things you know fairly new to flow designer i have been watching all of the live code in happy hours or at least as many as many of them as i can so i feel like what i expect from flow designer is that any public method from any script include any api where there's a public method in there those public methods should be converted to to actions and then those actions can then be consumed by sub flows and flows so that that's how i'm going into this one what i will do as well is fire up flow designer and just take a quick look at some of the new stuff that came out of the box for grc so if we go to actions and look under application grc okay advanced risk has got some nice stuff in here actually although yeah i was messing around creating risk assessments somewhere else but yeah advanced risk policy and compliance get default approvers generate approvals for policy exceptions so i did see on the community a while back someone said you know something's changed in policy exception and the crux of it was that the workflow as it used to be for policy exception because policy exception has been completely revamped has been rebuilt and is now available in flow designer so if i were to create a new flow i'll just call this demo one just to start with now i know there's going to be some things that we don't we aren't able to convert i think things like before business rules and certain types of maybe scratch pad business rules but let's just see how much we can do as a test so the thing that i really like is once you're in flow designer if you're in a flow or sub flow you go to actions then you can start to consume these actions from this menu and it just makes sense you know in terms of being able to consume your apis through here so that's my vision and i think like i say we'll just start with profiles and maybe issues is a pretty intense set of apis indicators also but indicators has got a couple of ways that they come in they do run asynchronously so you have a script action which is fired from a ui action event so that's a good place to trigger into a sub flow i'd expect that to go into a sub flow over here um and then you've got a scheduled job is that not connected you also have a scheduled job for indicators which runs overnight so there's other things that happen with indicators like generate generate indicators for templates etc so let's see how much we can do i don't know how long i've scheduled for tonight's stream i'll try and keep it into one or two hour blocks but it is pretty late here in the uk it's getting on for nine o'clock so um i'll try and keep it to an hour just see how we get onto for the start i had this idea for a little while and this is the first time i'm doing something with it so be prepared so we've got our update set grc full flow go to flow designer now yeah so i was using microsoft edge i was using beta and then i used edge i moved to edge for the mac and that started playing up to be honest with you so my script utils isn't running and i haven't yet got around to oh sorry scripting clues i haven't yet got around to testing out the new servicenow vs code which i am a bit disappointed with myself for not doing that so if i go grc profiles if we look at these script includes we said we're going to start with let's start with uh indicators issues can go over here just mark them focus on indicators now let's see what we can do so this is all the apis that are in profiles there's 48 of them but obviously some of them are public item generator engine that's to do with actually producing the controls exceptions is to do with licensing choice utils using the utils table assessment utils for taking assessments things like attestations entitlement utils is brand new as well that's uh in part to handle the changes to the licensing for irm professional in uh advanced risk but i've got indicators let's have a look in here for indicator and let's just crack on with indicator engine base i'm just going to jump straight into this one i want to try and keep track of trying to keep track of what i'm doing so i want to be able to sync this really miss that feature there now's not the time to start trying to set that up so i'm just going to do a old school copy and paste see i've just set up a new account as well locally to make sure that i'm streaming from a safe location so things like my defaults and i set up either i've got my workspace set up i'm just going to call this what it's called and indicate a base so when i look at this i'm talking about all public methods let me just turn it off i'm talking about all public methods run all indicators and run indicators right so these things are the two actions i'm expecting to make okay update next date time what i would really like if this was you know this is not this is the base so i can't change it but what i would do here and this would make us a lot easier if we had consistency so you would say return this dot yeah be a lot easier wouldn't it unfortunately it's a base issue so nice lots luck we've got let me just uh change that so we've got update next date time run indicator nice i feel like i've broken something now shouldn't have done that okay so we've got run all indicators run indicator and update next date time so we go into here flow designer and create a new action and i'm going to name them exactly the same as their existing method okay is this this application scope only okay so it's important to also i think to enforce that just trying to think i think that's right we'll start with it if we if we find a problem then we can deal with it let's look at categories i'm going to call this grc full flow well that's a global one i'd like if that was in my update set and we can push that in afterwards application is that why yeah let me do that again drc full flow intervention access level for create operation on action what this is not what i was expecting i did see an error the other day when i was trying to do something in here let's just see if i get profiles maybe it didn't like me locking it down yeah all application scopes let me change that now okay let's see it's proof of concept really but i would like to honor the existing security if uh if possible so we've got flow design we've got an action run all indicators let's get all of them named up here so we've got run all indicators and call it run indicator and update take time okay so i've got my three actions from this api indicator engine run all indicators now run all indicators has no input so that's lovely no input what does it output it return anything ah it's gonna fire up batches yeah i forgot about this but it doesn't return there's no returns in here there's no outputs either it's a good good one to start with them really so we're going to go in and create the actual action which will be the script i didn't know you could rename this must have missed that before there's no input variables it is literally as simple as instantiating new indicator engine base sorry i keep going the wrong way on my switch new indicator engine dots run all indicators save that i'd like if you had a script formatting in here that would be that would make me happy there's no inputs there's no outputs it really is as simple as run all indicators and then that's an action if i should test this first let's go to an indicator active basics true um just want to get brand new one up here pick one just trying to find one that looks good do the indicator okay i'm not coming up with real use cases right now i'm not going to collect supporting data i literally just want to do this submit that okay um just bear with me a moment as well i just want to do something you have a screen for me just checking a couple of things in the background try and bring this one over okay so i'll go to my indicators and look for this one if we go last executed in fact only look at active ones last next first run date i'll see what i'll do just put updated on there how's that it's updated on here if i then go into my flow designer and test it just run a test on there we can go and view the execution says it's completed it should that was updated two minutes ago i've got the wrong time zone on here look at that updated just now so that's executed i should have an indicator task against it yep okay so my actions working perfect so success on our first action run all indicators in terms of producing the method uh the the action at least so run all indicators let's change them blue while we're working on them green when they're done so that's an action of the method what i haven't got is the actual flows that call that okay but let's just focus on doing the actions um how we doing on on time so 25 minutes in that's not too bad let's take a look on run all indicators is done run indicator now this is a bit more interesting because when we looked at the code we can see it's passing in indicator record run indicator indicator record okay so that is a glide record of the indicator so i need to define an input and i'll call this indicator record this will be a reference which is nice because this enforces another thing that's great about um flow designer is it enforces right if i want to call this i have to pass it a reference to the indicator table with no other way to instantiate it so i think that's really cool if i go to this one and show definition that returns a result id so i want to replicate that in my outputs create an output and i'll call it result id i'm just going to follow the naming convention that exists in the inputs which is uh i forget the name of it but that's a string it is mandatory and is it mandatory because strategy.com well we've got to get the strategy we don't know i'm not going to make it mandatory for now but i think it should be um input certainly is mandatory script step now is run indicator okay but we're going to pass in a variable which is going to be indicator record and our value is going to be our input from there which means that we can say i know we just call run indicator so we're going to say new indicator engine dot run indicator inputs dot and we will say output dots result id equals i think that should work then our variable here is going to be called result id okay let's use the same convention i want to be consistent [Music] again i do feel like i should be mandatory but i'm not sure what happens if the strategy did fail sometimes the indicator could get i mean if it doesn't produce a result id it has failed but i don't know if that should fail i'm just going to save this um i don't know if that should fail the flow like as in cause an error i don't want to cause an area that i can't handle so i'm going to leave it not mandatory mandatory okay i'm going to make that mandatory there and then output i don't really know what happens if you make your output mandatory or not so output variable then gets mapped to the script step run indicator we'll save that i feel like that's everything done so we've got an indicator here it's already got a task let me just close this okay i'll pass it so i've got an indicator here when i run my test indicator record ah manual test let's make sure that's the number we're looking for yeah 2007 run test fire this off and it failed the undefined value has no properties undefined okay well i've done wrong so we've got our input we've got our input mapped there inputs dots indicator record output result id where did it fail reference came in error the undefined value has no properties let's break this ah i didn't do a new didn't instantiate construct it properly let's try that i'll save it save it first and then test it manual test that was successful and i've got a result id although my result id in fact just curious when i look at the code if it's a manual run indicator there's no idea strategy run just curious whether that's really a result i do because it's uh i haven't got a result yet i've generated a task i hope yes that result was from the previous one that's still open let's just go and grab that cis id and see 173 yeah that 1736 c5 copy that from here okay so although it's called result id in if it's a manual indicator then it is a indicator task good to know but with two down i think on there that seems to be working publish so we've got run indicator let's go on here so far yep okay run indicator and close that now update next date time update next date time we're passing indicator assuming indicator here is a glide record of indicator all right indicator dot get value next runtime that value comes from indicator itself so i think we're in a similar boat with the last one well we need an input our input's going to be trying to be consistent indicator record reference to indicator that's mandatory output here we go and check it doesn't even return the update notice there's no output put a script step in here update next date time variable is indicate a record trying to put a spacer now can't do that don't forget the new new indicator engine dot update next date time inputs dot indicator record just thinking what's ever going to call that yeah this dot so it should be is it's not even a public function really it's just not been privatised with the underscore so i don't think i needed to do that and the problem with doing something is actually private ah let's test it let's just see indicator manual test run test does it work completed successfully well maybe you shouldn't publish that one but that should be i think a private method it shouldn't be on the uh shouldn't be an action in flow designer but if we look at indicator engine we have now been able to run an indicator run all indicators run indicator takes an input what we should do now is look where does run all indicators actually come from so i've got a code search turned on in here i'll go to the studio obviously i have to switch to an app that i don't really care for i'm going to go into i'll just use explore if you're not using explore um you are missing out i think generally speaking just i don't know this service now out of the box vs code is really really gonna do do something special there but in the meantime explore just lets you get your objects back i've not really tested the the out of the box uh integration there but background scripts can run from from vs code so it's definitely worth a look okay so i'll just do a check on run all indicators obviously it's within my api but it comes from here scheduled script execution so can we build a flow to replace this let's have a look we've got the action built builder flow i think you can build scheduled flows run as system user that's quite important i forgot i switched scope to get into studio i really need a code search just native it's leave page switch my scope back just seen a few people join the stream so good evening or good morning depending where you are in the world hit me up on the chat and let me know if you've got any comments and all the standard stuff uh for anyone watching youtube channels uh like subscribe share click the bell all the things that people say if you're watching a youtube channel i just want you to enjoy yourself check out the link i posted in the chat which is for the community post i've made on this project uh eric hi eric excellent initiative will you record and post it later well i'm recording and i'm live so yeah it'll be available on the channel we might chop it up and make it available but this is really a test run so i have converted two actions from the indicator engine api and now i'm going to consume them into flow designer so i don't want to do it in this scope i used code search to go and find everywhere that the methods are getting called from i had to change scope to do that so let's call this run all indicators and sometimes i'm naming my actions very much like camel case as if they're in the methods and i think when we're doing the flows and when we're doing the actions in flow designer probably we need to give them a bit more uh user-friendly name thinking about who might be calling that so a scheduled job will typically run as a system user especially for indicators in grc it's very important because you know that is going to access data that um you know not every user might have permission for so it does run as system user that's quite important can i do this scheduled can i run trick trigger in here can you run schedules trigger selector trigger repeat is it that one here we go date it's daily isn't it if you look at that code search daily yep excellent so when should we run it show xml run out run time 8 am that's utc right dad a week one night because it's a daily indicator sorry daily schedule so hopefully hey done select an action and this is the most beautiful bit of flow designer now under profiles i didn't publish it okay so go to my actions profiles run all indicators see i feel like that needs to be renamed now that should be called run all indicators and then publish and then the flow consumes an action called run all indicators and we can give it a description and everything else afterwards done save test it let's make sure it flows and it runs flow's been executed completed all looks good has my indicator got a new task i don't know if it checks for existing open tasks actually off the top of my head let's have a look it's already got one so let's close this i in fact the next run at date schedule next runtime tomorrow anyway so it wouldn't have run on that system but the api executed successfully which is great so run all indicators has been converted and we'll update our diagram run all indicators comes from a scheduled job now if we're really looking to swap out and convert everything to grc the real test is going to turn that schedule job off if i reload this form i should get rid of that scope issue no because okay copy url fire it up in here and oh it wasn't active anyway right of course you have to activate this so out of the box um you know if we want it to be harsh we just delete it right it's gone replaced with flow designer i haven't activated it so if you wanted to run all indicators every night or every day you then come in here and activate it lovely look at flows look under application grc profiles and we've got run all indicators in there the next one we're looking at is run indicator okay now this is going to get a bit more interesting because i believe this comes from a script action which comes from a ui action so i think it needs to be a sub flow it calls obviously within the api which we've converted yeah that script action so there's two there's two in here you've got the batch run and you've got the script action which comes from so we can look at this script action comes off of an event which comes from a ui action so do we want the ui action to directly call the subflow and cut the script action out of it all together let's have a look uh flow designer so we go new subflow and this is going to be called ah forgot what we're doing we're on indicator run execute indicator so here it's called execute indicator let's call it that execute indicator it's in our profiles application category full flow i'm going to do protection run as system user it's an event level i'm not going to do descriptions and annotations right now this is mvp which is a great excuse for not doing documentation so when we execute an indicator we do need an input um so yeah define the input here which is going to be indicator record and the type is going to be reference to indicator this is mandatory you can't execute an indicator without an indicator and did we when we run an indicator it does return result id right so an output is going to be result id that'll be a string inputs and outputs so i think that's good select an action it's going to be under grc profiles run indicator and let's go and rename that one because let's call it execute indicator that seems to be the friendly friendly version of it so we've got execute indicator action and an execute indicator subflow just looks a bit nicer when we do it this way so our indicator is going to be from the data pill or from our subflow inputs map that in there done and our subflow output how do we map that with value so this action is going to return a result id can i put hmm action comes out where does the where's the output go how do i map that values at this bit here here we go advanced options default value shouldn't really be default value we're missing something sub flows inputs and outputs so how can i define how can i define the outputs before the action which is going to give me an output and where do i map that output to you see here we've got a subfloor but we've got the same thing not sure not sure there let's save it we don't want to lose it and we should test it so did i close let's close this indicator task closed and passed don't create any issues yet yeah update that that will then generate indicate result has been created lovely so we test this for our manual test run let's see what happens completed now this returns a result id we see the steps but my subflow output hasn't got a value in there so i'm not happy with this although i have got a subflow which is great i should have an indicator task new one yep thank you so let's have a look subflow what we can do okay we need to publish this subflow once we've published the subflow we can do a code snippet and we can just copy that to the clipboard and then if we go to our indicator execute now what would normally happen this ui action will fire a script act or fire an event where is it event queue here and that event will be picked up by the script action so we just get it straight in here so you see that execute indicator if type equals manual maximum number of indicator tasks exceeded yeah so this is why it doesn't create when it checks for open ones excellent now too many open indicator tasks no task was created so we still want to do that check that looks good an indicator task will be created may take some time else it will be created what's that else for them if type okay an indicator result will be created of course so this bit here let's go um that's called execute indicator i'm going to say execute indicator subflow current and comment that out and then create another function called execute indicator subflow indicator record and we can get rid of those bits we still got to try try catch looks good what don't you like our inputs inputs equals indicator record from our function and do we want to start it asynchronously yes we do indicators can take a long time common let's just delete those so we want to run that asynchronously that's quite nice actually the name of that sngrc dot execute indicator as a subflow versus the event that it's replaced okay so that actually looks quite nice we've got a subflow that matches what the event queue was result id equals outputs result id yeah we can't get outputs because it's synchronous um how's the audio on here i'm just going to check because i'm getting some buzzing looking okay excellent okay so we've got asynchronous just going to fire that what happens happens is up to the jobs up here execute indicator subflow's going to call that down here minimize update that we've got a task open let's just see that error message right it should or at least info message telling us about the open indicator tasks yep oh it says it will be created so i would have expected that not to happen it lets us have two open at once so that worked right and if we go to our flow designer i think another thing i love about flow designer debugging executions look at that just now so i can go and watch if i want to see when did this run i'd have to start plowing through logs i can see that just ran and my output guess what it's going to be the sys id of this maybe this this idea was template okay oh yeah indicator template sorry that threw me so our value there our result id is actually an indicator task 489 6e d let's paste this in somewhere 4896 cd lovely so very happy with that now there's another place where that was getting called from indicator batch run which is another script action so indicate a batch run is going to get fired from it actually gets fired from the api itself if you look run all indicators if we've got high volumes and depending you can actually tune your indicators now for performance there's a batch table it will break though it won't just try and run all indicators in one go it will actually break that list up and create records on the table and then work through that batch okay now this was a new feature introduced in the last couple of versions i actually missed it when it first came out but this seeks to deal with some of the performance issues that can occur if you've got really high volumes of controls um lots of platform data that needs to be processed for indicators we can use batching okay so it never really loses itself or gets stuck and you can go and check and monitor how those batches are working so from our main run all indicators it actually runs through that indicator batch table and then from here fires the event indicator batch which gets picked up by our script include indicator batch script action and then runs here new indicator engine run indicator and update next date time so surely run indicator update next date time okay because it's coming from a batch that's why it's been decoupled so don't publish that one hmm i can see what they've done here and i'm just thinking about the overhead if it's worth us how much of is worth converting so let's uh let's go and have a look i think we should have a go at at least dealing with the script action get the script action to fire this like we did a moment ago so we come in here code snippet copy the code snippet go in here and where it would normally run engine we're to call here let me pull up that last ui action because i've done it all and now i've got a nice little function execute indicate the subfloop i'm going to grab that i don't need to do the code snippet paste that function in i've got event palm one how you see you should always wrap in here if if we can't do that then return safety first why don't you like it return outside of a function hmm okay fair enough let's put it down here yeah you should always wrap a get a function what if that event is badly formed let's go let's do this why don't you like this function move this to program not a problem so we've got execute indicator subflow execute indicator subflow indicator and then use the engine to update the next date time because i've got it as an action it's not been published it would need to be a sub flow in order to be called from here but if i expose it in that way that suggests that it's supposed to be consumed so what i would probably look to do is create two different sub flows okay one with as it's doing right now and then one with this embedded in the subflow that's got to be a better option um then we could execute indicator from batch that's what i think would be a better option so let's just check the logic on here so our batch is our indicator batch table if we can get it then we will process it indicator will get the value of the indicators all indicators in that batch new engine and we can actually get rid of another line here just put that in there execute subflow cause this one passes in indicator which is our glide record indicator record okay i'm going to save that that's going to be difficult to test because i don't have enough volume right now to process batches so that needs testing but what we've got here if we look we've got the ui action uh execute that's done then we've got the script action indicator batch run i would like the name of that to be honest with you where is it there script action execute batch so this one hasn't been tested yet i don't know what color to use yeah amber so it's converted but it's not been tested just saving this file how are we doing on time i hope the quality has been okay we've done an hour it says out of two hours what's the time ten to ten are there any other areas that refresh the community any other areas thanks eric um are there any other areas that we've got for indicators we've got the indicator engine we did a search right so we called that event execute indicator script action run indicator from the batch run we should check whether update next date time is coming from anywhere else i am intrigued on that one i think that's a slightly imperfect solution we've got at the moment it's not making the most out of uh the way flow designer actions can be kind of scaled but that seems to solve the problem right now new indicator engine yes execute subflow new indicator engine that's the one we've just put in place let's just check line 33 on there let's run all indicators so i would say we've converted indicators into flow designer there just feels a bit too easy i missed something let's go and check out flow designer and we look at our flows now grc profiles run all indicators yeah that's a schedule and our subflows grc profiles execute indicator actions profiles as well execute indicator is still draft okay so actually we should have published that i think because we changed the name um where are we actions execute indicator that's now published this one shouldn't really be consumed it actually should be prefixed differently in the in the api so we can execute indicators we can run all indicators uh now when i said we've converted all indicators to flow designer is obviously not that simple because that's from the kind of ui side the schedule and the ui action and i'm just thinking uh you know how best to say this so we've got indicate if we go back to my indicator task indicator task when this gets closed configure business rules right so what we need to do next is actually go through table by table and look in here at um so we've converted the apis and we've converted the kind of ui but we need to look in here for sng sngrc indicator task as a table level and then sng sngrc indicator result because this indicator result is what's going to trigger whether the control is compliant whether the risk factor has gone up um whether we need to create an issue this is going to actually generate the indicator result so table by table we need to go through here let generate indicators for templates we've done the scheduled job the script actions generate indicators we need to do um smgrc indicator templates here we need to go through each table and you need to think when a new control gets generated um that control is going to trigger the creation of a new indicator from the template so there's a whole load of workflow that is taking place in there if we want to go full flow then we do need to do this but certainly it's been a an interesting exercise yeah here we go that check maximum indicator task closed let's just take a quick look maybe we'll plan these in for for next time where are we aaron 10. so insert before i think this might be a problem i've not really tested flow designer to this extent but i think we're going to be left behind with things like before insert is it really dependent on doing it before yeah because it's got a set of ball action in here maximum number of indicator tasks exceeded so i think we're going to have a list of exceptions things we can't convert yet i would put that in the pot of things we can't convert yet so let's just that's on indicator task and business rule check maximum i think that's going to be a red on that table level what we have got is indicated task closed and this should be after i predict this will be after is before before state is closed okay making a prediction and lost if current result is nil um see this is the problem with flow designer and befores right we can't handle that bit what you could do um you don't want to update it back you you know you want to prevent that update actually happening so um else if so if result is nil result is required to close the task how does the result get generated then if it's not before close else if current indicating if there is an indicator okay we check for mandatory yes else indicator id get the indicator should be wrapped conditional get the strategy hold on state is oh yes it's indicated task yet so of course it knows it can get the strategy result equals current result plus past i'll plus string equals pass that's either true or false add result strategy dot add result so that's probably another method we want to break through in that strategy add result current value an indicator result has been created this is what i understand ah i was thinking that result was a reference to the indicator result but result is true or false it's pass or fail so if we can just quickly just look at this that result here passed or failed okay that was throwing me for a moment yes so you can't close uh an indicator task without a result just yeah it's kind of closed if you did want to you can cancel it right you're not going to complete it okay that threw me for a moment i'll be honest with you so before business rules might be a problem but indicator task close again it's before business rules so we're gonna have a possible problem here i don't know uh what we can do there if it's conditional because it's that's how it's going to generate the results i think we put them in a pot and say these ones we can't do and then when i find out that i'm wrong on flow designer can do something with before business rules we come back and we do these okay and then we can move forward that's my plan other than that uh well it's tuesday night and it's getting late in the uk so thanks everyone for watching let me do some really cool stuff for yes phil goes deep okay so thanks for watching apologies it's been around five months i'm going to try and schedule in some of these uh calls maybe get my hair sorted i'll cut next week schedule in some of these uh sessions maybe we can convert grc to flow designer in full in 24 hours so this is part one thanks for watching and uh yeah take care stay safe you