Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Send threats from Splunk UBA to ServiceNow

Create incidents in ServiceNow from threats in Splunk UBA.

Prerequisites

You must have a ServiceNow account that Splunk UBA can log into and create incidents.

Steps

  1. Select Manage > Output Connectors.
  2. Click New Output Connector
  3. Select ServiceNow and click Next.
  4. Type a Name to identify the integration inside Splunk UBA.
    For example, SOC ticketing system.
  5. Type a Server Name that matches the host name or IP address of the ServiceNow server.
  6. Type a username for a ServiceNow account that Splunk UBA can use to log in and create incidents.
  7. Type the password for the ServiceNow account.
  8. (Optional) Type a Reported By default user. Leave blank to use Splunk UBA.
  9. (Optional) Type a Category for all incidents created by Splunk UBA. Leave blank to use Threat, or set no category.
  10. (Optional) Type a Prefix for the ServiceNow incident number. By default the threats have a prefix of "UBA".
    For example, the ServiceNow incident number for a threat with an ID of 82 will be UBA82.
  11. (Optional) Select the Auto Process check box to send all identified threats to ServiceNow. If you leave the check box deselected, you can use the Actions menu on a threat to send it to ServiceNow.
  12. Click OK to save the output connector.
Last modified on 25 March, 2024
Send Splunk UBA threats to analysts using email   Troubleshoot Splunk UBA event processing

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters