Skip to content

ServiceNow Incident Integration as an alert action #451

New issue
New issue
Open
Feature
Open
ServiceNow Incident Integration as an alert action#451
Feature
Labels
enhancementNew feature or request
@AndreiBanaru

Description

@AndreiBanaru
AndreiBanaru
opened on Nov 7, 2025

Is your feature request related to a problem? Please describe.
Yes, for an increased coverage in DaC, we need support for various Adaptive Responses (alert actions).

Describe the solution you'd like
One of the most used Adaptive Responses in ES is to create incidents in the ServiceNow platform. There is a Splunk supported TA for this, called Splunk Add-on for ServiceNow.

I'd like to have the option to configure the snow_incident alert action in my detection definitions.

Describe alternatives you've considered
Continue to use Splunk Web to configure the snow_incident adaptive response for each detection.

Additional context
Is there interest for this, so I can open a PR to propose changes?

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions