Configure a Splunk alert to close, if the related Security Incident gets closed & vice versa?

WazzaJC
Tera Expert

How can I configure a Splunk alert to close, if the related Security Incident gets closed and vice versa ?

 

Hi ServiceNow Community colleagues, please can I ask your advice on how to achieve the following.

 

If a Security Incident Response has been raised, in relation to a Splunk alert, how would I configure that related Splunk alert to close, when the Security Incident gets closed, in ServiceNow and vice versa, if the Splunk alert gets closed, how can I get the related SIR in ServiceNow to get closed down automatically?

 

I don't think this happens automatically with any existing integration - would I have to write business rules, to achieve this ?

 

Thanks for any help/advice/suggestions.

0 REPLIES 0