What is the best way to expose ServiceNow logs to external SIEM (security) tool?

Suggy
Giga Sage

Hi,

Our security team wants to have all of the ServiceNow logs for monitoring purposes. Looking for the best way to expose the log tables.

Export from ServiceNow? Or allow reading via API? Any other recommended approach?

Thanks!

4 REPLIES

mdash
Giga Guru

Hi,
It is not recommended to export the logs due to the sheer size of the files based on instance maturity. However, if you need to export anyhow, then Scheduled Export is a great option. (Assumption: you are using a MID Server.)
Link:
https://docs.servicenow.com/en-US/bundle/tokyo-platform-administration/page/administer/export-sets/t...

1. You can create an Export Definition, mention the Log table and add a filter condition.
2. Create an Export Target. Here you need to specify the MID Server and file path.
3. Create a Scheduled Export to send the log data periodically.

This would be a suitable low code/no code option in my opinion.

Thanks.

Thank you!

Suggy
Giga Sage

If anyone else is doing this differently, please let me know

I have the same query and was looking for some options. I understand this is an old post and you may have found the solution.

The below answer may be helpful if someone has a similar query.

I found that ServiceNow provides a sysLog probe to export log messages from ServiceNow to log servers using a MID Server. The below ServiceNow Docs link will provide more details.

https://docs.servicenow.com/bundle/utah-platform-administration/page/integrate/vendor-specific-integ...