ServiceNow Event Collector
Use this integration to fetch audits, syslog transactions, cases, and outbound HTTP logs from ServiceNow as Cortex XSIAM events.
Analytics & SIEM · ServiceNow
Configuration parameters
url— ServiceNow URL, in the format https://company.service-now.com/ (required)credentials— Username (required)client_credentials— Client IDapi_version— ServiceNow API Version (e.g., 'v1')use_oauth— Use OAuth Loginevent_types_to_fetch— Event Types To Fetchmax_fetch— Maximum audit events to fetchmax_fetch_syslog_transactions— Maximum syslog transactions events to fetchmax_fetch_case— Maximum case events to fetchmax_fetch_outbound_http— Maximum outbound HTTP log events to fetcheventFetchInterval— Events Fetch Intervalinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (5)
-
service-now-get-audit-logsReturns events extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.
-
service-now-get-case-logsReturns cases extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.
-
service-now-get-outbound-http-logsReturns outbound HTTP log events extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.
-
service-now-get-syslog-transactionsReturns syslog transactions events extracted from ServiceNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding the API request limitation.
-
service-now-oauth-loginGenerate a refresh token using your existing credentials. Use this command if you encounter access_denied or other errors related to your access token when using OAuth 2.0.