Using ServiceNow Event Ingestion Integration add-on

  • Release version: Australia
  • Updated March 12, 2026
  • Map alerts from the Splunk console to create a Security Incident Response (SIR) record on the ServiceNow instance.

    Before you begin

    Role required: sn_sec_splunk_v2.api_account_access

    Procedure

    1. Log in to Splunk Enterprise.
    2. Navigate to Apps > Search & Reporting.
    3. Select Alerts.
      A list of the alerts generated in the Splunk console, based on the previously configured correlation rule, is displayed.
    4. Select any configured alert from the list.
      The trigger history of the configured alert is displayed.
    5. Select View Results against the alert.
    6. Expand any of the alerts using the (>) icon.
    7. From the drop-down, select the Workflow action label configured while setting up the add-on.
      For more information on the Workflow action label, see Set up ServiceNow Event Ingestion Integration add-on.
      Alerts go to the Splunk Import table, followed by the Splunk Event to Tasks table.

    Result

    A Security Incident Response (SIR) record is created on the ServiceNow instance according to the mapping specified in the Manual event forwarding profile. For instructions on how to set up a Manual event forwarding profile, see Create and name an event profile.