ServiceNow and Elastic

Align and inform your teams from top to bottom.

Getting started with Elasticsearch: Store, search, and analyze with the free and open Elastic Stack.

Watch video

Intro to ELK: Get started with logs, metrics, data ingestion and custom vizualizations in Kibana.

Watch video

Getting started with Elastic Cloud: Launch your first deployment.

Learn more


Countless organizations depend on both ServiceNow IT Service Management (ITSM) and the Elastic Stack to pursue their missions effectively, efficiently — and to reduce unnecessary risk. Native integrations between the platforms help organizations make the most of their data and empower their people.

ServiceNow incidents and Elastic Stack alerts

Threshold alerts set up within the Elastic Stack can easily be configured to push incidents directly to ServiceNow. Give your ITOps teams the ability to move from reactive to proactive when ensuring the health of vital systems with alerts that flag issues before a crisis happens. Enable your SecOps teams to make real-time, data-driven alerts from core systems a part of their automated security orchestration in order to identify, prioritize, and resolve threats faster.

ServiceNow and Elastic Security

A prebuilt integration between ServiceNow (ITSM and SecOps) and various features of Elastic Security enable security practitioners to seamlessly integrate ServiceNow into their existing detections and cases workflows. This allows analysts and security detection engineers to track ongoing cases in ServiceNow ITSM or SecOps, as well as automating the creation of security incidents in ServiceNow as a result of potentially malicious behavior picked up by the detection engine.



All it takes to open or update a related ServiceNow ticket is a click. The integration is quick, easy to adopt, and allows analysts to:

  • Investigate a threat or operational matter with the Elastic Security app and compile forensic evidence and related comments along the way
  • Automate the creation of a ticket in ServiceNow ITSM via detection engine actions, passing on any details they would like from the event in question
  • Reduce risk by ensuring a clear handoff between security, incident response, and related teams
  • Improve productivity by automating key steps
  • Enable tracking of MTTR and related metrics by aligning cross-team workflows

The Elastic Security app supports the work of any team looking to alert on Elastic Common Schema-compliant data, investigate key issues, and directly connect with third-party ticketing tools like ServiceNow ITSM — allowing the integration to provide value even beyond the SOC.


In addition to ServiceNow ITSM, users of ServiceNow SecOps can enjoy the same analyst workflow via cases. This integration enables users to send case information, including observables associated with the case. This case information can be used to trigger playbooks, such as data enrichment, firewall rule updates, and containment of infected hosts.

ServiceNow ITSM and Elastic Workplace Search

This integration provides analysts direct access to the vital information available within ServiceNow. The solution augments the knowledge of individual analysts with the expertise and resources of the broader organization — all through a simple search. In the process, the solution promotes cross-team learning and collaboration.

Investigating an application attack? Simultaneously search Jira and GitHub. Need to know who works where? Look across Confluence, Google Drive, and custom sources added with our prebuilt connector API. And do it all from a single console, quickly pursuing valuable information from across your ecosystem, no matter where it lives. A prebuilt connector makes implementation easy, and the combined power of ServiceNow ITSM and Elastic Workplace Search makes it possible.

Learn more

Check out the following technical resources or connect with your local Elastic field team to learn more about these integrations.