Best practice for integrating ServiceNow with Elastic

Chimenem · ‎02-07-2024

I'm investigating how best to integrate ServiceNow with Elastic alerting for event -> alert -> incident creation. Any best practices and lessons learned that can be shared by those that have gone through the process is much appreciated.

Ademir Amaral1 · ‎02-08-2024

In our scenario, the best option was via API, through a configuration directly in Elastic, where we basically provide a user and Elastic has a kind of plugin to connect with ServiceNow.
Lessons learned is that Elastic cannot provide outgoing public IPs, so be aware of this if you use IP Address Access Controls