Re: Splunk SOAR and ServiceNow

sdintino_splunk · ‎07-15-2022

Hi All,

ServiceNow supports multiple ticket types such as "RITM", "SCTASK", "INCIDENT". Our Splunk Cloud instance today can only create "INCIDENT" type tickets.

Very curious if Splunk SOAR can extend this functionality and let us create "SCTASK", which is our preferred task types in the ticketing system.

Thanks~!

phanTom · ‎07-15-2022

Forgive me as I may have misunderstood your original ask.

The Splunk SNOW app could also be extended as it will likely use REST to create the ticket and I suspect with an additional argument you could make it work for the other types.

The SNOW SOAR App "create_ticket" action just asks for the table to add to so with my extremely low understanding of SNOW, does this mean you could just point to the table for SCTASK rather than INCIDENT?

phanTom · ‎07-15-2022

@sdintino_splunk

If the app doesn't do it at the moment you could always update it to make it create those types of events.

You may just need to update one action with an option or create a new one, either way you can now do this in the platform (5.x+ required) app IDE and even test it!

Or, you can request an update to the app but I would expect that to take a long time so better to update yourself.

Then, if you would like, you can share your update to make the app better: https://github.com/splunk-soar-connectors/servicenow

Hope this helps, if so please mark as solution or feel free to ask more!

Splunk SOAR and ServiceNow

configuration

using SOAR ⁄ Phantom

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?