6 Replies · Latest reply on Dec 12, 2017 4:31 AM by Charles Leggett

    SecOps - Email parsing to generate Security Incident

      We're looking to setup the Security Operations Email parsing so we can have tools send emails to ServiceNow to generate records.  However, we're having trouble with the 'Email Properties' setup.  Under 'Email Processing Properties', the 'Inbox for Security Incident tools' field - Does this need to be a email account that we send alerts to that ServiceNow maintains (ie, alerts are sent to SecOpsAlert@service-now.com)?  Or does this field need to be an email account that my company maintains (secopsalert@company.com) and then the alert is forwarded/redirected to servicenow?

       

      Currently, we have this setup where all our tools send to one internal address (alert@company.com) and these are redirected to ServiceNow.  However these emails only get seen my the global Inbound Actions, not the SecOps email parser.

       

      Does anyone have this working that would be willing to share their configuration?

       

      Thanks!