Using ServiceNow Security Operations Integration add-on

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Create security events and incidents directly from Splunk alerts after setting up the ServiceNow Security Operations Integration add-on.

    Before you begin

    Role required: sn_si.integration_user, sn_si.analyst

    Procedure

    1. Log in to Splunk Enterprise.
    2. Navigate to Apps > Search & Reporting.
    3. Enter a keyword in the New Search field.
      A list of events containing the keyword appears.
    4. Expand any of the events using the (>) icon.
    5. Select Event Actions.
      • Create ServiceNow Security Event: Events are stored in the em_event table.
        Note:
        Install the Event Management plugin to access the em_event table.

      • Create ServiceNow Security Incident: Incidents are stored in the sn_si_incident table.
        Note:
        The mapping is predefined because there is no profile for this add-on.

      Figure: Event actions in Splunk Enterprise