Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk SOAR and ServiceNow

sdintino_splunk
Splunk Employee
Splunk Employee
‎07-15-2022 07:50 AM

Hi All, 

ServiceNow supports multiple ticket types such as "RITM", "SCTASK", "INCIDENT".  Our Splunk Cloud instance today can only create "INCIDENT" type tickets. 

Very curious if Splunk SOAR can extend this functionality and let us create "SCTASK", which is our preferred task types in the ticketing system. 

Thanks~!

Labels (2)
0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎07-15-2022 07:59 AM

Forgive me as I may have misunderstood your original ask. 

The Splunk SNOW app could also be extended as it will likely use REST to create the ticket and I suspect with an additional argument you could make it work for the other types. 

The SNOW SOAR App "create_ticket" action just asks for the table to add to so with my extremely low understanding of SNOW, does this mean you could just point to the table for SCTASK rather than INCIDENT?

0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎07-15-2022 07:55 AM

@sdintino_splunk 

If the app doesn't do it at the moment you could always update it to make it create those types of events. 

You may just need to update one action with an option or create a new one, either way you can now do this in the platform (5.x+ required) app IDE and even test it!

Or, you can request an update to the app but I would expect that to take a long time so better to update yourself.

Then, if you would like, you can share your update to make the app better: https://github.com/splunk-soar-connectors/servicenow 

Hope this helps, if so please mark as solution or feel free to ask more! 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...