How to integrate SNOW with SIEM
01-15-2023 02:30 PM
Hi,
Could someone explain to me how to integrate SNOW with SIEM? I need to send security logs and audit logs to the SIEM.
Thank you,
01-15-2023 03:30 PM
Hi, I would think any solution would be dependent on the SIEM application/solution that you have implemented.
Can you provide specific details?
01-15-2023 05:01 PM
You can do either an outbound or an inbound integration, depending on the SIEM system.
If the SIEM system is pulling the data from ServiceNow, then I would suggest going for the Table API using a filter of create_on today.
If the SIEM system wants to push the data from ServiceNow, then I would suggest a Scheduled Job on a daily basis through which you can trigger a REST Message and send the data.
Please mark correct if my response has solved your query.
Cheers,
Mohammed Basheer Ahmed.
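The pull option described in the reply above, as an added example that is not part of the original post: a poller that pages through the Table API and emits one JSON line per record for the SIEM. It goes beyond the "today" filter by keeping a `sys_created_on` checkpoint and de-duplicating on `sys_id`, so a re-run neither drops nor re-sends events. The instance URL, the `sys_audit` table choice, the page size and the `fetch` callable (standing in for an authenticated HTTPS GET) are assumptions, and the sample rows are constructed.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

INSTANCE = "https://example.service-now.com"  # assumption: placeholder instance
TABLE = "sys_audit"                           # assumption: table to export
PAGE = 2                                      # tiny page size to exercise paging

def build_url(since, offset):
    """Table API URL for rows created at/after `since` ('YYYY-MM-DD HH:MM:SS')."""
    params = {
        "sysparm_query": f"sys_created_on>={since}^ORDERBYsys_created_on",
        "sysparm_limit": PAGE,
        "sysparm_offset": offset,
    }
    return f"{INSTANCE}/api/now/table/{TABLE}?{urlencode(params)}"

def pull(fetch, since, seen):
    """Page through results; return (json_lines_for_siem, new_checkpoint).
    fetch(url) returns the decoded JSON body; seen holds sys_ids already sent."""
    lines, checkpoint, offset = [], since, 0
    while True:
        rows = fetch(build_url(since, offset)).get("result", [])
        for row in rows:
            if row["sys_id"] in seen:  # '>=' re-reads the checkpoint second
                continue
            seen.add(row["sys_id"])
            lines.append(json.dumps(row, sort_keys=True))
            checkpoint = max(checkpoint, row["sys_created_on"])
        if len(rows) < PAGE:
            return lines, checkpoint
        offset += PAGE

# Constructed sample rows standing in for the instance's response.
SAMPLE = [
    {"sys_id": "a0", "sys_created_on": "2023-01-14 23:59:59", "user": "admin"},
    {"sys_id": "a1", "sys_created_on": "2023-01-15 08:00:00", "user": "admin"},
    {"sys_id": "a2", "sys_created_on": "2023-01-15 09:30:00", "user": "jdoe"},
    {"sys_id": "a3", "sys_created_on": "2023-01-15 09:30:00", "user": "jdoe"},
]

def fake_fetch(url):
    """Offline stand-in for an authenticated HTTPS GET against the Table API."""
    q = parse_qs(urlparse(url).query)
    since = q["sysparm_query"][0].split(">=")[1].split("^")[0]
    off, lim = int(q["sysparm_offset"][0]), int(q["sysparm_limit"][0])
    rows = [r for r in SAMPLE if r["sys_created_on"] >= since]
    return {"result": rows[off:off + lim]}

if __name__ == "__main__":
    out, cp = pull(fake_fetch, "2023-01-15 00:00:00", set())
    print(len(out), "events, checkpoint", cp)
```

Persist the checkpoint and the recent `sys_id` set between runs, and give the polling account read access to the exported table only.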
08-24-2023 02:06 AM
Do you have any document that explains ServiceNow security log ingestion to SIEM?
I am looking to ingest into Sentinel.
