Using ServiceNow Event Ingestion Integration add-on

  • Release version: Australia
  • Updated Mar 12, 2026

  Map alerts from the Splunk console to create a Security Incident Response (SIR) on the ServiceNow instance.

    Before you begin

    Role required: sn_sec_splunk_v2.api_account_access

    Procedure

    1. Log in to Splunk Enterprise.
    2. Navigate to Apps > Search & Reporting.
    3. Select Alerts.
      A list of alerts generated in the Splunk console, based on the previously configured correlation rule, appears.
    4. Select any Configured Alert from the list.
      The Trigger History of the configured alert appears.
    5. Select View Results against the alert.
    6. Expand any of the alerts using the (>) icon.
    7. From the drop-down, select the Workflow action label configured while setting up the add-on.
      For more information on the Workflow action label, see Set up ServiceNow Event Ingestion Integration add-on.
      Alerts go into the Splunk Import table, followed by the Splunk Event to Tasks table.

    Result

    A Security Incident Response (SIR) record is created on the ServiceNow instance as per the mapping specified in the Manual event forwarding profile. For instructions on how to set up a Manual event forwarding profile, see Create and name an event profile.