Create a profile
You can set up a profile so that notable events are automatically ingested.
시작하기 전에
Role required: sn_si.ingestion_profile_admin
주:
Users with the sn_si.admin role can perform all operations available to a profile admin, as the sn_si.admin role inherits the required permissions by default.
프로시저
-
Fill in the fields.
An example of a completed form follows the table.
Field Description Name Unique name for the profile. If names are not unique, an error will be displayed and duplicate profile names are not saved. Profile names in your ServiceNow AI Platform instance must be unique.
Active Check box is cleared and disabled by default. You should complete all sections in the profile before making it active. Type Select the profile type from the choice list. - Scheduled Event Ingestion: This type of profile supports notable events that are ingested on a configured schedule. Fill in the fields.
- Manual Event Forwarding: This type of profile supports notable events that are forwarded manually from your Splunk Enterprise Security Incident Review console on demand. See the following steps to fill out the form for these types of profiles.
Source Splunk server or search end that you configured to ingest notable events. If you have multiple Splunk servers configured, select the appropriate server for the notable event types that will be ingested for the profile. You are required to enter a value. Order Default is 100. If you have created multiple profiles, this value provides a run time execution priority when two or more profiles share the same triggering conditions. The workflow in the profile with the lowest number has the highest priority.
(Optional) Description Additional text to help you distinguish this profile from other profiles. The following figure is an example of a completed form for a scheduled notable event type.
다음에 수행할 작업
The next step is to select notable events for automatic ingestion.