Please let me know the possibility of McAfee SIEM and ServiceNow integration- Would like to have tickets created by ServiceNow automatically, for alerts in McAfee SIEM.
I haven't done it myself, but others have done it successfully following the information below.
Automatically create an incident through email for a custom application.
Create Incident from Email
Home > Administer > Service Administration > Notifications > Inbound Email Actions
hope this helps.
We have also use the Service Now API via a "utility server. The SNOW API is very well documented and uses REST/JSON. We had on the road map to also pull past ticket related to host in current ticket.
We have it setup via email, we just have to get a unique code from the Service-Now admins for each alarm we intend to send, this code which is placed in the body of the message (at the top) which lets Service-Now know which field mappings and Incident type to create. We work with the Service-Now admins to map the fields we intend to include in the message (providing sample messages), and then figure out where those would map to in Service-Now.
We are trying to expand the usage of Service Now to create Incidents in our new Security Operations Management module with multiple lines of text in the description. To do so our instance of Service-Now is setup to use [$$ and $$] between any text you want to be added to the "Description" if using multiple lines of data.
However the inserted alarm fields already use [$ and ] to enclose specific field data, and thus we are having issues. Working with Service-Now admins to change to ($$ and $$)
Using an escape character of \ does not seem to work, in other words: \[$$ or \[\$\$
Description: [$$ I cannot login to Oracle.
I’m getting a 404 error on the login page.
I suspect the DNS server is down.
description: I cannot login to Oracle.