https://apps.splunk.com/app/4770
Servicenow security operations event ingestion addon for splunkes
And https://apps.splunk.com/app/3921
Servicenow security operations addon
Both are supporting on-demand based incident creation in servicenow so what is the actual difference here. Anyone have any idea?
Event ingestion add on required license addon from servicenow that I know. It is the only difference or something else also?
The newer app (#4770) is intended for use within Splunk Enterprise Security. The other app is used in Splunk Enterprise.
#3921 app not required any application on servicenow side. It's just required only user profile from servicenow. Please correct me if I am wrong here.
This app adding workflow action of creation of security incident/event in servicenow.
#4771 app required splunk event ingestion application on servicenow end which is licensed application. Why someone should have invest money when it is free of cost.
This app adding workflow action of send notable to now production/test
I just want to know the actual difference in terms of configuration.
If you don't have a SNOW license then why bother with SNOW apps?
Someone else will have to answer how the configurations differ for the two apps. Or you could install them both and see for yourself.