You can use the Event and Alert Ingestion for Security Operations Plugin to reuse the existing custom UI (UI macros/UI formatters), designed for event ingestion, in all upcoming SIEM integrations. This speeds up the development life cycle of any new SIEM integration.
This integration includes the following key features:
- The ability to reuse the existing custom UI (UI macros/UI formatters), designed for event/alert ingestion, in all upcoming SIEM integrations accelerates the development life cycle of any new SIEM integration.
- The Common plugin reduces the duplication of code.
- The Common plugin provides standardized execution flows for all event ingestion plugins.
- This integration includes the following key tables and utility scripts:
  - MappingUtils
  - IncidentPreviewBase
  - TransformEventBase
  - IntegrationProfileAjax
  - Abstract Profile Table
  - Integration Run Table
- Changed:
  - Updated jQuery UI libraries to the latest versions.
- Fixed:
  - Accessibility issues in security mapping fields on the Profile page.
The Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies required to support the Security Incident Response product. Install and activate this plugin before installing and activating the other Security Operations applications required by the integration.
Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the order listed below to ensure a smooth installation:
- Security Incident Response
Note: Before installing the Event Ingestion Common plugin, you must activate the following Integration Hub plugins:
2. ServiceNow IntegrationHub Action Step - REST.
3. ServiceNow IntegrationHub Runtime.