Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Send threats from Splunk UBA to ServiceNow

Create incidents in ServiceNow from threats in Splunk UBA.

Prerequisites

A ServiceNow account that Splunk UBA can use to log in and create incidents

Steps

  1. Select Manage > Output Connectors.
  2. Click New Output Connector
  3. Select ServiceNow and click Next.
  4. Type a Name to identify the integration inside Splunk UBA.
    For example, SOC ticketing system.
  5. Type a Server Name that matches the host name or IP address of the ServiceNow server.
  6. Type a username for a ServiceNow account that Splunk UBA can use to log in and create incidents.
  7. Type the password for the ServiceNow account.
  8. (Optional) Type a Reported By default user. Leave blank to use Splunk UBA.
  9. (Optional) Type a Category for all incidents created by Splunk UBA. Leave blank to use Threat, or set no category.
  10. (Optional) Type a Prefix for the ServiceNow incident number. By default the threats have a prefix of "UBA".
    For example, the ServiceNow incident number for a threat with an ID of 82 will be UBA82.
  11. (Optional) Select the Auto Process check box to send all identified threats to ServiceNow. If you leave the check box deselected, you can use the Actions menu on a threat to send it to ServiceNow.
  12. Click OK to save the output connector.
Last modified on 07 January, 2020
PREVIOUS
Send Splunk UBA threats to analysts using email
  NEXT
Troubleshoot Splunk UBA event processing

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters