Add an Incident Source
Add an incident source, like ServiceNow, Splunk, or IBM QRadar, to ingest logs from those servers into Case Manager. You must add an incident source before specifying which logs to ingest.
You need the following information about the server:
- IP address or hostname of the server
- TCP port
- Username and password
To add ServiceNow, you must complete specific prerequisites.
1. In the sidebar, click SETTINGS, then select Core.
2. Under INCIDENT INGESTION, select Incident Sources.
3. Click Add a new incident source.
4. Enter information about the incident source:
   - Server Type – Select the source you wish to ingest data from.
   - IP Address or Hostname – Enter the IP address or hostname of the server.
   - TCP Port – Enter the TCP port number of the server.
   - Username – Enter your username for the server.
   - Password – Enter your password for the server.
5. To validate your connection to the source, click TEST CONNECTIVITY. If you see an error, verify the information you entered, then retest the connection.
6. Click SAVE.
To specify the type of data to query from the source, add an incident feed.