ServiceNow
Your organization can use collected data to investigate issues across your deployment.
Data is uploaded to ServiceNow through scheduled searches. After you save a search, its results are available in ServiceNow. Additionally, you can launch ad-hoc ServiceNow investigations using search results in Sumo Logic.
- To create events in ServiceNow, see Set Up ServiceNow Connections.
- To create incidents in ServiceNow, see Set Up a ServiceNow Incident Webhook Connection.
- To import real-time information about AWS and VMware virtual machine assets into the ServiceNow CMDB and maintain it there, see the Service Graph Installation and Configuration Guide.
- For the Sumo Logic Cloud SIEM Enterprise (CSE) integration with the ServiceNow Security Incident Response (SIR) module, see Security Incident Response (SIR) Integration.
In this section, we will introduce the following concepts:
- Launch Investigations: You can launch ad-hoc investigations directly from search results in Sumo Logic. You can also click through from ServiceNow to Sumo Logic to start an investigation.
- Set Up Searches for ServiceNow Integration: Scheduled searches are saved searches that run automatically at specified intervals. When a scheduled search is set to upload search results to ServiceNow, you can combine services for round-trip investigations.
- Set Up ServiceNow Connections: There are two ServiceNow connections available in Sumo Logic.
- Set Up a ServiceNow Security Incident Webhook Connection: This page shows you how to set up a ServiceNow Security Incident Webhook connection and create scheduled searches for the connection.