Hi @Karthickb2308 

As others have mentioned, there arent currently any Splunkbase apps to write back to ManageEngine ITSM with Splunk for CMDB synchronization and automated ticket creation from Enterprise Security alerts, however you can achieve this in a couple of ways:

1. Custom App - You could use the ManageEngine API (https://www.manageengine.com/products/service-desk/sdpod-v3-api/SDPOD-V3-API.html) to build a custom app using Splunk UCC Framework - UCC is a great way to start building inputs (to import your CMDB data) and also create modular alert actions (to raise incidents from Enterprise Security).  Also see https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtocreatemo... for more background on creating inputs.
2. Use the REST API Modular Input add-on app to use the same Manage Engine API from within SPL, you can use scheduled searches to utilise the app's "curl" command against ManageEngine's REST API to fetch CMDB data. You could create a macro to write incidents using the same command and call this at the end of searches where you would normally create an alert action. Note - the curl command doesnt actually use curl, so not every parameter is supported, it uses python requests under-the-hood (see https://www.baboonbones.com/php/markdown.php?document=rest/README.md)

Hopefully one of these two options helps you move forwards with your integration with ManageEngine into Splunk - please let me know you have any questions

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing