Hey Dejaun,
I work in QRadar Support and moderate here in the forums. There is no official DSM that IBM has created and managed for ServiceNow; however, there is a community developed Universal Cloud REST API configuration (not supported) for ServiceNow that you might want to review. This should allow you to hit the ServiceNow API endpoints to pull back data or actionable events from endpoints that QRadar has line of sight to in ServiceNow.
As this is a Universal Cloud REST API, we do not take cases on assisting users with these configs, but a workflow exists to connect to the remote ServiceNow endpoints.
References
If you have questions or concerns about anything I posted, let me know.
Edit: Fixed typos and updated links to open links in new tabs.
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------
Original Message:
Sent: Wed April 12, 2023 04:07 AM
From: Dejaun Barker
Subject: QRadar SIEM and ServiceNow Integration (not ticketing creations)
Hi All,
I'm looking into a project to be able to monitor a ServiceNow instance with QRadar.
I've seen a lot of posts on here relating to creating a button or feature to forward QRadar incidents/alerts to ServiceNow, but this isn't what I'm looking for.
I'm looking to be able to somehow, include ServiceNow as a flow or log source to be able to monitor the traffic or activities performed within the ServiceNow instance, I've so far, been unable to find any docs on this so this is my only hope!
I look forward to your responses :)
------------------------------
exss - Security Engineer
------------------------------