Splunk SOAR and ServiceNow

sdintino_splunk
Splunk Employee

Hi All, 

ServiceNow supports multiple ticket types such as "RITM", "SCTASK", "INCIDENT". Our Splunk Cloud instance today can only create "INCIDENT" type tickets.

Very curious if Splunk SOAR can extend this functionality and let us create "SCTASK", which is our preferred task type in the ticketing system.

Thanks~!

0 Karma

phanTom
SplunkTrust

Forgive me as I may have misunderstood your original ask. 

The Splunk SNOW app could also be extended as it will likely use REST to create the ticket and I suspect with an additional argument you could make it work for the other types. 

The SNOW SOAR App "create_ticket" action just asks for the table to add to so with my extremely low understanding of SNOW, does this mean you could just point to the table for SCTASK rather than INCIDENT?

0 Karma
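
The point raised in the post above, that the target table decides which ServiceNow record type gets created, can be seen in ServiceNow's REST Table API. The following is an added example, not part of the thread and not the SOAR connector's code; `build_create_request` is a hypothetical helper, and the instance URL, account and field values are constructed placeholders.

```python
import base64
import json
import urllib.request

# ServiceNow ticket-type prefix -> backing table (standard ServiceNow table names).
TICKET_TABLES = {
    "INCIDENT": "incident",
    "SCTASK": "sc_task",
    "RITM": "sc_req_item",
}


def build_create_request(instance_url, ticket_type, fields, username, password):
    """Build (but do not send) a Table API POST that creates one record."""
    try:
        table = TICKET_TABLES[ticket_type.upper()]
    except KeyError:
        # Reject unknown types instead of interpolating caller input into the URL path.
        raise ValueError(f"unsupported ticket type: {ticket_type!r}") from None
    if not instance_url.startswith("https://"):
        raise ValueError("instance URL must use https (basic-auth credentials are sent)")

    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        url=f"{instance_url.rstrip('/')}/api/now/table/{table}",
        data=json.dumps(fields).encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; example.service-now.com is a placeholder instance.
    req = build_create_request(
        "https://example.service-now.com",
        "SCTASK",
        {"short_description": "Review SOAR container 42", "assignment_group": "SOC"},
        "soar_svc", "placeholder-password",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Sending is one call once real credentials are in place:
    # urllib.request.urlopen(req, timeout=30)
```

The service account used here needs create rights on `sc_task` only, so it can be scoped more tightly than one that also writes to `incident`.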

phanTom
SplunkTrust

@sdintino_splunk 

If the app doesn't do it at the moment you could always update it to make it create those types of events. 

You may just need to update one action with an option or create a new one, either way you can now do this in the platform (5.x+ required) app IDE and even test it!

Or, you can request an update to the app but I would expect that to take a long time so better to update yourself.

Then, if you would like, you can share your update to make the app better: https://github.com/splunk-soar-connectors/servicenow 

Hope this helps, if so please mark as solution or feel free to ask more! 

0 Karma