In regard to the Actions tab for NTP, one of the selections is “Send to NTM”. Has anyone used this, and if so, how does it show up in NTM? What we’d like to do is utilize the fact that NTM can create ServiceNow tickets, and we would like to see if there’s a way to have some specific policies/alerts in NTP be reported to NTM and have it generate those tickets. It would be even better to have that capability native in NTP. Maybe that’s a feature request?
This option just sends the raw events captured by the policy to NTM. They’re most likely covered in the policies tailored to NTM already, so those events may already be making their way into the tool. You can see that this checkbox is selected for the out-of-the-box NTM templates and compare those policies to what you’re trying to send.
Depending on your use case, you could curate a custom threat in NTM that looks for the scenario you’re trying to capture and have that trigger a playbook to send it off to ServiceNow.