This documentation does not apply to the most recent version of Splunk® User Behavior Analytics.
For documentation on the most recent version, go to the latest release.
Send threats from Splunk UBA to ServiceNow
Create incidents in ServiceNow from threats in Splunk UBA.
Prerequisites
You must have a ServiceNow account that Splunk UBA can log into and create incidents.
Steps
- Select Manage > Output Connectors.
- Click New Output Connector
- Select ServiceNow and click Next.
- Type a Name to identify the integration inside Splunk UBA.
For example, SOC ticketing system. - Type a Server Name that matches the host name or IP address of the ServiceNow server.
- Type a username for a ServiceNow account that Splunk UBA can use to log in and create incidents.
- Type the password for the ServiceNow account.
- (Optional) Type a Reported By default user. Leave blank to use Splunk UBA.
- (Optional) Type a Category for all incidents created by Splunk UBA. Leave blank to use Threat, or set no category.
- (Optional) Type a Prefix for the ServiceNow incident number. By default the threats have a prefix of "UBA".
For example, the ServiceNow incident number for a threat with an ID of 82 will be UBA82. - (Optional) Select the Auto Process check box to send all identified threats to ServiceNow. If you leave the check box deselected, you can use the Actions menu on a threat to send it to ServiceNow.
- Click OK to save the output connector.
Last modified on 25 March, 2024
| Send Splunk UBA threats to analysts using email | Troubleshoot Splunk UBA event processing |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0
Download manual
Feedback submitted, thanks!