Send threats from Splunk UBA to ServiceNow

Create incidents in ServiceNow from threats in Splunk UBA.

CAUTION: You must have a ServiceNow account that Splunk UBA can use to log in and create incidents.

Steps

Complete the following steps to send threats from Splunk UBA to ServiceNow:

  1. Select Manage > Output Connectors.
  2. Click New Output Connector.
  3. Select ServiceNow and click Next.
  4. Enter a Name to identify the integration inside Splunk UBA.
    For example, SOC ticketing system.
  5. Enter a Server Name that matches the host name or IP address of the ServiceNow server.
  6. Enter a username for a ServiceNow account that Splunk UBA can use to log in and create incidents.
  7. Enter the password for the ServiceNow account.
  8. (Optional) Type a Reported By default user. Leave blank to use Splunk UBA.
  9. (Optional) Type a Category for all incidents created by Splunk UBA. Leave blank to use Threat, or set no category.
  10. (Optional) Type a Prefix for the ServiceNow incident number. By default, the threats have a prefix of "UBA".
    For example, the ServiceNow incident number for a threat with an ID of 82 will be UBA82.
  11. (Optional) Select the Auto Process check box to send all identified threats to ServiceNow. If you leave the check box deselected, you can use the Actions menu on a threat to send it to ServiceNow.
  12. Click OK to save the output connector.