ServiceNow Security Operations add-on for Splunk -...

becksyboy · ‎07-15-2021

Hi All,

we are trying to install the ServiceNow Security Operations add-on for Splunk, and after we add in the required details including the password, we cannot locate where the password is being stored.

Was expecting a passwords.conf to be created with the password encrypted, but am not seeing anything in:

/opt/splunk/etc/apps/TA-ServiceNow-SecOps/default

Or in

/opt/splunk/etc/apps/TA-ServiceNow-SecOps/local

ServiceNow Security Operations Addon | Splunkbase

We do have a sn_sec_instance.conf created in /local, but it only lists the url of our ServiceNow instance and the username.

thanks

venkatasri · ‎07-15-2021

Hi @becksyboy

You can put the password in same file sn_sec_instance.conf and there is no separate password file, these are the allowed settings in file.

[sn_instance]
url =
username = splunk_sec_integration
password =
proxy_url =
proxy_port =
proxy_username =
proxy_password =

---

An upvote would be appreciated and Accept solution if this reply helps!

becksyboy · ‎07-15-2021

Thanks @venkatasri

yep am aware of that, but when we use the older version of this app: ServiceNow Security Operations | Splunkbase if you enter the parameters in via the gui, the password is encrypted into a passwords.conf file automatically.

ServiceNow Security Operations add-on for Splunk - missing passwords.conf?

installation

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...