Microsoft Sentinel, Microsoft Corporation


Note: There may be known issues pertaining to this Solution. Please refer to them before installing.

The ServiceNow ITSM solution for Microsoft Sentinel makes it easy to synchronize incidents between Microsoft Sentinel and ServiceNow IT Service Management (ITSM). This can be achieved with either of the following two options:

Option 1 (Recommended): Bi-directional incident sync using the app hosted on the ServiceNow Store. This option includes the following key features:

• Retrieve Microsoft Sentinel incidents and automate the creation of incidents in ServiceNow.

• Bi-directional sync of Status, Severity, Owner, Comments/Work notes, Entities and alerts.

• Details of alerts and entities added to Work Notes, to improve analyst experience.

• Filtering of Microsoft Sentinel incidents, based on tags or custom filters.

• Support for multiple workspaces, with different incident filters.

• Support for any custom incident table, status or severity fields.

Please note that this option doesn't require installation of the content hub solution; it is installed and managed from the ServiceNow Store. Refer to the ServiceNow Store for details on how to use this option.

Option 2: Unidirectional sync from Microsoft Sentinel to ServiceNow. Install this solution, which includes Microsoft Sentinel playbooks that help create, update (incident comments) and close incidents in ServiceNow when a corresponding incident is created, updated or closed in Microsoft Sentinel.

Playbooks: 3
