Setup Splunk environment

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 5 minutes
  • ServiceNow Security Operations Integration enables seamless integration between Splunk and ServiceNow Security Operations. To set up or change the ServiceNow instance where new security incidents and security events are created, use the setup action in the application list.

    Before you begin

    Install the Event Management plugin to access the em_event table.

    Role required: sn_si.integration_user, sn_si.analyst

    About this task

    Note:
    You're not required to have a profile for this add-on. It directly creates the security event or the security incident.

    If you want to export events manually and on-demand from your Splunk Enterprise console for the integration, download, install, and set up the ServiceNow Security Operations Integration add-on from Splunkbase in your Splunk Enterprise console.

    This ServiceNow extension add-on is required so that security incidents can be created from manually exported events in your ServiceNow AI Platform instance. The ServiceNow Security Operations Integration add-on is available on Splunkbase.

    Procedure

    1. Log in to Splunk Enterprise.
    2. Select the Manage Apps gear icon in the menu drop-down list.
    3. In the list of applications, search for ServiceNow apps using the filter.
    4. Look for the ServiceNow Security Operations Integration add-on, and select the corresponding Set up action.
    5. On the form, fill in the fields.
      Field: Description
      URL: URL of the ServiceNow instance for your Splunk Enterprise Security console or Splunk Cloud instance.
      Auth type: Authentication method to be used for API requests. The available options include:
      • Basic Authentication: Uses username and password to authenticate requests.
      • OAuth 2.0 Authentication: Uses access tokens to authenticate requests.

      Basic Authentication
      Username: Username of the user.

      A user with the (sn_si.integration_user, sn_si.analyst) role should be present in the ServiceNow instance specified in the preceding URL field.

      Password: Password of the user.

      A user with the (sn_si.integration_user, sn_si.analyst) role should be present in the ServiceNow instance specified in the preceding URL field.

      Confirm Password: Re-enter the password to confirm it.

      OAuth 2.0 Authentication
      Client ID: Client ID of the app created on the ServiceNow Server. For information on how to get the Client ID, see Configure Application Registry on the ServiceNow instance.
      Client Secret: Client Secret of the app created on the ServiceNow Server. For information on how to get the Client Secret, see Configure Application Registry on the ServiceNow instance.
      Redirect URL: The URL to be redirected to.

      Copy and paste this URL in the redirect URL field of the Application Registries record.

      Optional Proxy
      Proxy URL: Proxy URL for your Splunk Enterprise Security console or Splunk Cloud instance.
      Port: Address of the port.
      Username: Username that you created for the Proxy account on the Splunk Enterprise Security console.
      Password: Password that you created for the Proxy account on the Splunk Enterprise Security console.
      Confirm Password: Re-enter the password to confirm it.

      Logging Level Setup
      Logging Level: The level of logs that the integration generates, meaning the type of information reported. You can set the value to one of the following options:
      • info
      • error
      • warn
      • debug

      By default, the value is info.

      API Selection
      API Selection: Select one of the following APIs:
      • Table API
      • Import Set API

      ServiceNow Security Operations Integration set up on Splunk

    6. Select Save.

    What to do next

    Using ServiceNow Security Operations Integration add-on