ServiceNow and Elastic

Align and inform your teams from top to bottom.



Countless organizations depend on both ServiceNow IT Service Management (ITSM) and the Elastic Stack to pursue their missions effectively and efficiently, and to reduce unnecessary risk. Native integrations between the platforms help organizations make the most of their data and empower their people.

ServiceNow incidents and Elastic Stack alerts

Threshold alerts set up within the Elastic Stack can easily be configured to push incidents directly to ServiceNow. Give your ITOps teams the ability to move from reactive to proactive when ensuring the health of vital systems with alerts that flag issues before a crisis happens. Enable your SecOps teams to make real-time, data-driven alerts from core systems a part of their automated security orchestration in order to identify, prioritize, and resolve threats faster.

ServiceNow ITSM and Elastic SIEM

A prebuilt integration between ServiceNow ITSM and the case management features in Elastic SIEM enables security practitioners to forward cases from the Elastic deployment to the ServiceNow deployment for cross-organizational remediation and tracking. When situations change, case updates keep ServiceNow users in the loop.

Integration details

This integration allows analysts to investigate a threat or operational matter with the Elastic SIEM app and compile forensic evidence and related comments along the way. And all it takes to open or update a related ServiceNow ticket is a click. The integration is quick and easy to adopt and allows your organization to:

  • Reduce risk by ensuring a clear hand-off between security, incident response, and related teams
  • Improve productivity by automating key steps
  • Enable tracking of MTTR and related metrics by aligning cross-team workflows

The Elastic SIEM app supports the work of any team looking to alert on Elastic Common Schema-compliant data, investigate key issues, and directly connect with third-party ticketing tools like ServiceNow ITSM, allowing the integration to provide value even beyond the security operations center (SOC).

ServiceNow ITSM and Elastic Workplace Search

This integration provides analysts direct access to the vital information available within ServiceNow. The solution augments the knowledge of individual analysts with the expertise and resources of the broader organization — all through a simple search. In the process, the solution promotes cross-team learning and collaboration.

Investigating an application attack? Simultaneously search Jira and GitHub. Need to know who works where? Look across Confluence, Google Drive, and custom sources added with our prebuilt connector API. And do it all from a single console, quickly pursuing valuable information from across your ecosystem, no matter where it lives. A prebuilt connector makes implementation easy, and the combined power of ServiceNow ITSM and Elastic Workplace Search makes it possible.

Learn more

Check out the following technical resources or connect with your local Elastic field team to learn more about these integrations.