Using the latest Splunk Enterprise Security and Splunk App/Add-on for ServiceNow.
I'm trying to get incidents in ES to push over to ServiceNow. Has anyone been successful with doing so? I've tried using the snow_incident.py script and have tried modifying the searches in correlations to use the custom search option passing the required fields.
I didn't see a way to integrate the snow custom alerts to anything in ES either. Just looking for some direction or tips on how to facilitate this.