Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Splunk integration setup

Log in to subscribe to topics and get notified when content changes.

Splunk integration setup

Setup procedures for the ServiceNow Security Operations add-on for Splunk include downloading the add-on file in Splunk, installing the add-on, and setting up the ServiceNow instance where security incidents and events are created.

Required role

Before performing Splunk integration setup procedures, be sure to define an integration user with the sn_si.integration_user and sn_si.analyst roles on your ServiceNow instance. Additionally, in order to perform imports, you need the import_transformer role to obtain read and write permission to the security tables. The sn_si.integration_user role should be defined with the import_transformer portion of the role.