Select scheduled alerts for the Splunk Enterprise Event Ingestion integration
- Updated Jan 30, 2025
- Yokohama
- Security Incident Response integrations
After you have created a profile for a scheduled alert, select a Splunk alert for this profile that you want to map to a ServiceNow AI Platform Security Incident Response security incident.
Before you begin
Role required: sn_si.ingestion_profile_admin
About this task
View the available alerts in your ServiceNow AI Platform instance so you know which field values are available for mapping. Select an alert to verify that you receive the expected results on the basic form layout before you map the values to fields on SIR security incidents. You can select only one alert from the list in this form.
Procedure
What to do next
You have successfully selected an alert for a scheduled alert profile. The next step is to map alert values to fields on a security incident.