Splunk integration setup

Setup procedures for the ServiceNow Security Operations add-on for Splunk include downloading the add-on file in Splunk, installing the add-on, and setting up the ServiceNow instance where security incidents and events are created.

Required role

Before performing the Splunk integration setup procedures, define an integration user with the sn_si.integration_user and sn_si.analyst roles on your ServiceNow instance. To perform imports, you also need the import_transformer role, which provides read and write permission to the security tables. Define the sn_si.integration_user role so that it includes the import_transformer role.