Sighting Search Configurations define how threat intelligence data is searched and matched against your environment. Configure these settings to customize threat detection and improve security monitoring accuracy.

The Elasticsearch and Splunk Sighting Search integrations enrich observables with sighting information from your log data. Elasticsearch searches logs to add relevant sightings directly to observables, while Splunk searches, monitors, and analyzes machine-generated data across Security Operations. Download the Splunk Sighting Search integration from the ServiceNow Store.