Allow users to request to run an application, installation, script, or task by sending a ticket directly to ServiceNow
Capture events from Privilege Management and report on them in Splunk Enterprise.
The ServiceNow integration enables the submission of a ticket to the IT team, so that they can make an informed and expedited decision on the user’s request to run an application, installation, script, or task.
In the default configuration, when a user runs an application that you are targeting with the ServiceNow Rule Script, the user is presented with the option to raise an incident in ServiceNow or cancel the request. The ServiceNow ticket includes caller, a short description, and a complete description that includes the business justification, the program name, program publisher, program path, challenge code, and the business justification the end user provided.
Administrators can then take action on the incident in ServiceNow and supply the end user with a response code. The end user can then use the response code to 'unlock' the application, allowing it to run.
Splunk Enterprise can be used to capture and report on events from Privilege Management. You can collect BeyondTrust events in two different ways:
