Hi guys,
I have configured my ServiceNow integration with Splunk and it works fine; we can create notables from any scheduled/correlation search. However, does anyone happen to know if we can use this integration to make a notable into a ServiceNow incident using an ad hoc adaptive response? It works if it's configured as an alert action, but we don't want every notable to go into ServiceNow. Our idea was that notables are tier 1 and then, using this manual invocation of the adaptive response, they go into ServiceNow to become tier 2 events.
Does anyone know if this can be done? In this Splunk dev article: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBE, under the "Determine whether your action supports ad hoc invocation" section, it says any action that uses the SENDALERT action should support ad hoc invocation, but I'm unsure how to properly check this.
Any advice would be greatly appreciated.
Thanks,