Configure a Splunk alert to close, if the related Security Incident gets closed & vice versa?
06-19-2025 05:34 AM - edited 06-19-2025 05:36 AM
How can I configure a Splunk alert to close if the related Security Incident gets closed, and vice versa?
Hi ServiceNow Community colleagues, please can I ask your advice on how to achieve the following.
If a Security Incident Response has been raised in relation to a Splunk alert, how would I configure that related Splunk alert to close when the Security Incident gets closed in ServiceNow? And vice versa: if the Splunk alert gets closed, how can I get the related SIR in ServiceNow to get closed down automatically?
I don't think this happens automatically with any existing integration - would I have to write business rules to achieve this?
Thanks for any help/advice/suggestions.