topic Re: Manage engine ITSM in Getting Data In

Manage engine ITSM

Karthickb2308 — Tue, 27 May 2025 03:04:05 GMT

Hi Team,

I need help with Manage engine ticketing tool integration with Splunk i have researched in Google did not find any exact document please provide your inputs if anyone has integrated these one.

Goal

1) CMDB integration

2) Automatically create a ticket for each splunk enterprise security alerts

Re: Manage engine ITSM

kiran_panchavat — Tue, 27 May 2025 03:27:01 GMT

@Karthickb2308

To integrate ManageEngine ServiceDesk Plus CMDB with Splunk, the goal is typically to sync asset and configuration item (CI) data between the two systems for better incident context and correlation. Since no direct Splunk app exists for ManageEngine CMDB.

Log Forwarding from ManageEngine to Splunk

https://www.manageengine.com/products/self-service-password/adselfservice-plus-integrations.html

https://www.manageengine.com/products/ad-manager/help/admin-settings/third-party-integrations/splunk.html

Re: Manage engine ITSM

kiran_panchavat — Tue, 27 May 2025 03:22:15 GMT

@Karthickb2308

There is no out of the box feature that lets you do this.

However, If you have a script that can create tickets in Manage Engine Service Desk, You can have your Splunk alert call that python script when the alert triggers

https://help.servicedeskplus.com/api/rest-api.html

ManageEngine ServiceDesk Plus supports ticket creation via its REST API (endpoint: /api/v3/requests).

Re: Manage engine ITSM

PrewinThomas — Tue, 27 May 2025 04:36:26 GMT

@Karthickb2308

No one-click integration for CMDB or ticketing, but REST API and Splunk alert actions make it achievable.

Use the ServiceDeskPlus Splunk app for supported ticket actions(If you have Splunk SOAR), or build your own with Python/REST.

For CMDB, use exports/API to sync data into Splunk for enrichment and correlation.

Also a simple alternative -If you can’t use the API, configure Splunk to send alert emails to ManageEngine’s ticket creation email address (less flexible, but simple).

Re: Manage engine ITSM

livehybrid — Tue, 27 May 2025 07:00:43 GMT

Hi @Karthickb2308

As others have mentioned, there arent currently any Splunkbase apps to write back to ManageEngine ITSM with Splunk for CMDB synchronization and automated ticket creation from Enterprise Security alerts, however you can achieve this in a couple of ways:

Custom App - You could use the ManageEngine API (https://www.manageengine.com/products/service-desk/sdpod-v3-api/SDPOD-V3-API.html) to build a custom app using Splunk UCC Framework - UCC is a great way to start building inputs (to import your CMDB data) and also create modular alert actions (to raise incidents from Enterprise Security). Also see https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtocreatemodpy/ for more background on creating inputs.
Use the REST API Modular Input add-on app to use the same Manage Engine API from within SPL, you can use scheduled searches to utilise the app's "curl" command against ManageEngine's REST API to fetch CMDB data. You could create a macro to write incidents using the same command and call this at the end of searches where you would normally create an alert action. Note - the curl command doesnt actually use curl, so not every parameter is supported, it uses python requests under-the-hood (see https://www.baboonbones.com/php/markdown.php?document=rest/README.md)

Hopefully one of these two options helps you move forwards with your integration with ManageEngine into Splunk - please let me know you have any questions

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Re: Manage engine ITSM

Karthickb2308 — Tue, 27 May 2025 07:40:26 GMT

Thanks kiran for the support