Splunk Integration Architecture Diagram
01-30-2019 11:28 AM
Is there a standard architecture document for Splunk to ServiceNow integration? We know that there is a MID Server required along with the plugin, but is there anything else needed? The customer is asking for an architecture diagram, but I have not been able to locate one.
Thanks
Labels: Security Incident Response

01-30-2019 12:32 PM
You need to qualify how you want to integrate with Splunk. There are two out-of-the-box integrations (Sighting Search and SIR/Event Creation). Sighting Search is ServiceNow-initiated, while SIR/Event creation is Splunk-driven. If the client wants to have Splunk create SIRs or Events, then a MID server is not needed; it is a direct API call to ServiceNow. The MID server is needed for Sighting Searches.
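To illustrate the Splunk-driven path described above, here is an added example that is not code from this thread or from either vendor: a Splunk-side script assembles the direct REST call to the ServiceNow Table API that creates a Security Incident, with no MID Server in the path. The sn_si_incident table, the Table API path, the severity-to-priority mapping and the integration account name are assumptions.

```python
# Added example: shape of a Splunk alert action that creates a ServiceNow
# Security Incident over the REST API (no MID Server involved).
import base64
import json

SNOW_TABLE_PATH = "/api/now/table/sn_si_incident"   # assumed SIR table endpoint

# Splunk severity -> ServiceNow priority (1 = critical ... 4 = low); mapping is assumed.
SEVERITY_TO_PRIORITY = {"critical": "1", "high": "2", "medium": "3", "low": "4"}

# Constructed sample of the result row a Splunk alert action receives.
SAMPLE_RESULT = {
    "search_name": "Brute force - multiple failed logins",
    "severity": "high",
    "src": "10.0.0.5",   # constructed value
    "user": "jdoe",
    "count": "57",
}


def build_incident_payload(result):
    """Map a Splunk result row onto Security Incident fields."""
    details = {k: v for k, v in result.items() if k not in ("search_name", "severity")}
    return {
        "short_description": f"Splunk alert: {result['search_name']}",
        "description": "\n".join(f"{k}: {v}" for k, v in sorted(details.items())),
        # Unknown severities fall back to the lowest priority rather than failing.
        "priority": SEVERITY_TO_PRIORITY.get(result.get("severity", "").lower(), "4"),
    }


def build_request(instance, user, password, result):
    """Assemble the HTTP request (no network call) that Splunk would send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {
        "method": "POST",
        "url": f"https://{instance}.service-now.com{SNOW_TABLE_PATH}",
        "headers": {
            "Authorization": f"Basic {token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
        "body": json.dumps(build_incident_payload(result)),
    }


def send(request):
    """Perform the call with urllib; needs network access and an integration user."""
    import urllib.request
    req = urllib.request.Request(request["url"], data=request["body"].encode(),
                                 headers=request["headers"], method=request["method"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())["result"]["sys_id"]
```

Only the integration user's credentials leave Splunk, so scope that account to the Security Incident table and restrict where it may log in from.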
01-31-2019 05:17 PM
We are looking at the SIR/Event Creation in SecOps right now but will be looking at the Sighting Search in the next few weeks. Do you have instructions on both how it works with the MID Server and with the API call?
