Splunk Enterprise Security

Splunk ES availability ticket management

hariskhan
Explorer

Dear Splunkers,

Does Splunk ES (when purchased) come with any built-in ticket management system, or does one have to buy a new ticketing system for incident management?
We have a ManageEngine ticket system deployed in our environment; however, we are not quite sure whether it will fully integrate with Splunk or whether we would have to hire a developer for its integration.

0 Karma
1 Solution

woodcock
Esteemed Legend

ES does have a basic ticketing system built-in. As many as not use some other more fully-featured ticketing system like ServiceNow or JIRA. We have done many integrations for clients to have Splunk/ES create tickets in 3rd-party systems. There are apps that help, too.

0 Karma

jgab1981
New Member

Hi.

Could you provide more information or links about this feature, the in-built ticketing system?

Regards

0 Karma

BJ
New Member

Do you have the documentation that helps explain what features and functions the internal ticket management system has? Also, how much can be changed, like escalations, notifications, attached files, etc.?

0 Karma

lkutch_splunk
Splunk Employee

You could use the investigation workbench. It's like ticket tracking & collaborating on investigations for assets, identities, or artifacts involved in a potential security incident:
https://docs.splunk.com/Documentation/ES/6.4.0/User/InvestigationWorkbench

0 Karma

hariskhan
Explorer

Thanks woodcock,

0 Karma