12-06-2022 08:19 AM
Our Infosec team has required that all admin activity that occurs in ServiceNow needs to be exported to an external syslog server. From initial review, it looked like the SecOps module included SIEM integrations. However, it appears that integration is to ingest SIEM events/logs and create incidents.
Original research article that suggested SecOps:
Advantages of a Security Information and Event Man... - ServiceNow Community
From another post in this forum, I found a similar question and the response seems to indicate that the solution to my need will need to be mostly custom. From my prior experience this is a common request for InfoSec teams and I am curious how other companies have solved this.
Similar post regarding our need:
Best Methods to export user login (Successful and ... - ServiceNow Community
Solution to prior mentioned post:
User login-logout statistics/report for an instance - Support and Troubleshooting (servicenow.com)
12-06-2022 08:56 PM - edited 12-06-2022 08:56 PM
Hello, you should be able to locate the instructions you seek at:
https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/reference-pages/concept/p...
and
https://www.servicenow.com/company/trust.html
12-07-2022 06:23 AM
Thank you for your reply. I do not see anything related to syslog exports in either of the links that you shared. Am I missing something?
12-07-2022 11:51 AM
In the Trust site, there is a link to the guide, and on pages 8 and 9, it discusses how to get ServiceNow logs into your own Syslog server or SIEM. Here is a direct link to that document:
https://support.servicenow.com/$viewer.do?sysparm_stack=no&sysparm_sys_id=a8f29b7a1bde95d0b4b577bc1d...
And on the docs site, you'll want to scroll down to:
https://docs.servicenow.com/bundle/tokyo-platform-administration/page/integrate/vendor-specific-inte...
12-07-2022 12:53 PM
It does help quite a bit. It appears it will be mostly manually creating business rules for the tables listed on those pages.