Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Security and Splunk App/Add-on for ServiceNow: How to dreate SNOW incidents from ES incidents?

john_miller1
Explorer
‎12-18-2015 12:28 PM

Using the latest Splunk Entperirse Security and Splunk App/Add-on for ServiceNow.

I'm trying to get incidents in ES to push over to ServiceNow. Has anyone been successful with doing so? I've tried using the snow_incident.py script and have tried modifying the searches in correlations to use the custom search option passing the required fields.

I didn't see a way to integrate the snow custom alerts to anything in ES either. Just looking for some direction or tips on how to facilitate this.

Any help is greatly appreciated!

Reply

krishnab
Path Finder
‎04-07-2018 03:44 AM

Hi,I assume you want to send an event to SNOW to create an incident.

The best thing is to save your query as an alert.

Once done that in the trigger action column in alerts,you'll find an action as "SNOW incident managment".

through this you can send your events from an alert to SNOW.

Assume,you have many rows of data like hostname,usage,which can be sent by mentioning it as $result.ur fieldname$

0 Karma
Reply

gcato
Contributor
‎04-06-2018 02:16 PM

Hope this answer might help you.

https://answers.splunk.com/answers/597366/problem-with-alert-triggered-scripts-for-serviceno.html

0 Karma
Reply

ehaddad_splunk
Splunk Employee
Splunk Employee
‎12-18-2015 03:35 PM

I have heard that if you can successfully do so using the custom search commands. Are you having any problem doing so? If so,, whats the error?

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎03-08-2017 04:38 PM

can you put the script name directly ?
example: snow_incident_m.py

and add the Splunk_TA_snow as an import on ES.

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...