Splunk Enterprise Security

Splunk Alert using Splunk ITSI Notable Event - Creating a Service Now Incident

t_splunk_d
Path Finder

In Splunk Enterprise I have alerts. Now I want to create Servicenow incidents by adding the alert action using ITSI Notable Events.

Following are my questions:

  1. Whether the above approach is doable ( assuming that all required apps are in-place and configurations complete and working)
  2. Is it possible to create an incident by sending all the ServiceNow field's value? Is this out of the box? I am sure it is not. Because I can only see few basic fields.
  3. What needs to be done to pass all the values to ServiceNow? I want to populate all the field's values in a ServiceNow incident. Do i need to change the .py (not able to remember the name)?

The existing Splunk alert has all the values (including resolution etc.). Currently it is a manual effort of copy and paste in the ServiceNow incident which I want to automate.

Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...