Re: ServiceNow Security Operations add-on for Splu...

becksyboy · ‎07-15-2021

Hi All,

we are trying to install the ServiceNow Security Operations add-on for Splunk, and after we add in the required details including the password, we cannot locate where the password is being stored.

Was expecting a passwords.conf to be created with the password encrypted, but am not seeing anything in:

/opt/splunk/etc/apps/TA-ServiceNow-SecOps/default

Or in

/opt/splunk/etc/apps/TA-ServiceNow-SecOps/local

ServiceNow Security Operations Addon | Splunkbase

We do have a sn_sec_instance.conf created in /local, but it only lists the url of our ServiceNow instance and the username.

thanks

venkatasri · ‎07-15-2021

Hi @becksyboy

You can put the password in same file sn_sec_instance.conf and there is no separate password file, these are the allowed settings in file.

[sn_instance]
url =
username = splunk_sec_integration
password =
proxy_url =
proxy_port =
proxy_username =
proxy_password =

---

An upvote would be appreciated and Accept solution if this reply helps!

becksyboy · ‎07-15-2021

Thanks @venkatasri

yep am aware of that, but when we use the older version of this app: ServiceNow Security Operations | Splunkbase if you enter the parameters in via the gui, the password is encrypted into a passwords.conf file automatically.

ServiceNow Security Operations add-on for Splunk - missing passwords.conf?

installation

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation