Skip to main content

Case ManagerCase Manager Documentation

Add an Incident Source

Add an incident source, like ServiceNow, Splunk, or IBM QRadar, to ingest logs from those servers into Case Manager. You must add an incident source before specifying which logs to ingest.

  • IP address or hostname of the server

  • TCP port

  • Username and password

To add ServiceNow, you must complete specific prerequisites.

  1. In the navigation bar, click the menu The menu icon in the navigation bar; three white lines on a green background., select Settings, then select Core.

  2. Under INCIDENT INGESTION, select Incident Sources.

  3. Click Add a new incident source A blue circle with a white plus sign..

  4. Enter information about the incident source:

    • Server Type – Select the source you wish to ingest data from.

    • IP Address or Hostname – Enter the IP address or hostname of the server.

    • TCP Port – Enter the TCP port number of the server.

    • Username – Enter your username for the server.

    • Password – Enter your password for the server.

  5. To validate your connection to the source, click TEST CONNECTIVITY. If you see an error, verify the information you entered, then retest the connection.

  6. Click SAVE.

    To specify the type of data to query from the source, add an incident feed.