Splunk SOAR and ServiceNow

sdintino_splunk
Splunk Employee

Hi All, 

ServiceNow supports multiple ticket types such as "RITM", "SCTASK", "INCIDENT".  Our Splunk Cloud instance today can only create "INCIDENT" type tickets. 

Very curious if Splunk SOAR can extend this functionality and let us create "SCTASK", which is our preferred task type in the ticketing system.

Thanks~!

0 Karma

phanTom
SplunkTrust

Forgive me as I may have misunderstood your original ask. 

The Splunk SNOW app could also be extended, as it will likely use REST to create the ticket, and I suspect with an additional argument you could make it work for the other types.

The SNOW SOAR App "create_ticket" action just asks for the table to add to, so with my extremely low understanding of SNOW, does this mean you could just point to the table for SCTASK rather than INCIDENT?

0 Karma

phanTom
SplunkTrust

@sdintino_splunk 

If the app doesn't do it at the moment, you could always update it to make it create those types of events.

You may just need to update one action with an option or create a new one; either way, you can now do this in the platform (5.x+ required) app IDE and even test it!

Or, you can request an update to the app, but I would expect that to take a long time, so better to update yourself.

Then, if you would like, you can share your update to make the app better: https://github.com/splunk-soar-connectors/servicenow 

Hope this helps, if so please mark as solution or feel free to ask more! 

0 Karma