I would either like to send the results table as the description field to ServiceNow or be able to pass the csv results and attach it to the opened incident ticket. The goal is to work the ticket from ServiceNow without having to go into Splunk to review the results.
As of now, in the description field I am passing $result.src_ip$ $result.dest_ip$ $result.threat_intel_list$ $result.threat_match_field$ $result.threat_collection$ $result.original_sourcetype$ $result.count$ but this only passes the first result of the report.
Has anyone been able to pass all the search results into a single ServiceNow ticket?