Splunk SOAR and ServiceNow

sdintino_splunk
Splunk Employee

Hi All, 

ServiceNow supports multiple ticket types such as "RITM", "SCTASK", "INCIDENT".  Our Splunk Cloud instance today can only create "INCIDENT" type tickets. 

Very curious if Splunk SOAR can extend this functionality and let us create "SCTASK", which is our preferred task type in the ticketing system.

Thanks~!

0 Karma

phanTom
SplunkTrust

Forgive me as I may have misunderstood your original ask. 

The Splunk SNOW app could also be extended, as it will likely use REST to create the ticket, and I suspect with an additional argument you could make it work for the other types.

The SNOW SOAR App "create_ticket" action just asks for the table to add to, so with my extremely low understanding of SNOW, does this mean you could just point to the table for SCTASK rather than INCIDENT?

0 Karma

phanTom
SplunkTrust

@sdintino_splunk 

If the app doesn't do it at the moment, you could always update it to make it create those types of events.

You may just need to update one action with an option or create a new one; either way, you can now do this in the platform (5.x+ required) app IDE and even test it!

Or you can request an update to the app, but I would expect that to take a long time, so better to update it yourself.

Then, if you would like, you can share your update to make the app better: https://github.com/splunk-soar-connectors/servicenow

Hope this helps. If so, please mark as solution or feel free to ask more!

0 Karma