Set up a profile for scheduled notable event ingestion
Depending on the profile defined, Splunk ES notable events are automatically ingested into the Security Operations environment of your ServiceNow AI Platform instance.
The following table shows the list of tasks you need to follow to set up a profile for scheduled ingestion of notable events:
| Task | Section |
|---|---|
| Create an event profile | See Create a profile |
| Select notable events based on correlation search name | See Set Correlation rules |
| Map notable event fields | See Explore Mapping |
| Create custom mappings | See Map notable events |
| Preview the security incident | See Preview security incident |
| Schedule and retrieve new and updated notable events | See Schedule and retrieve notable events |
| Automate notable event updates and closure based on SIR incident status | See Automate notable event updates and closures |