How to integrate Sentinel to Incident (ITSM)
02-16-2024 08:20 PM
Hello,
We would like to integrate Sentinel alerts to create an incident in ITSM (not SIR).
When I search, I'm only getting results about Sentinel to Security Incident Response. We don't have the SecOps module in ServiceNow, we have only ITSM. Please help with how to integrate Sentinel to ITSM Incident.
Thanks
Ashok
02-16-2024 09:22 PM
Hello @B Ashok
Did you get a chance to look at -
Microsoft Sentinel and ServiceNow ITSM integration documentation: https://docs.servicenow.com/bundle/washingtondc-security-management/page/product/secops-integration-...
Azure Logic Apps documentation: https://learn.microsoft.com/en-us/azure/logic-apps/
Azure Automation Runbooks documentation: https://learn.microsoft.com/en-us/azure/automation/
Third-party solutions websites:
Regards,
CB
02-16-2024 09:26 PM
Also you can check
Palo Alto Networks Cortex XSOAR: https://www.paloaltonetworks.com/cortex/cortex-xsoar
Rapid7 InsightConnect: https://docs.rapid7.com/insightconnect/D
Deepwatch: https://www.deepwatch.com
If my answer is helpful to resolve your query kindly mark as correct and helpful.
Regards,
CB
02-28-2024 05:09 AM
I have exactly the same use case. We have the integration running with SIR and creating security incidents using the ServiceNow Store app 'Microsoft Azure Sentinel Incident Ingestion Integration For Security Operations'; however, we have now been asked if ITSM incidents can be created depending on the Sentinel alert. I'm sure the Microsoft-branded connector (x_mioms_azsentinel) used to allow this (and default to it), but I can't see a way to do it using the ServiceNow Store app. Not tested, but I don't think running both at the same time will work well? Any ideas if this can be done without using a webhook to create them manually?

11-27-2024 01:49 PM
Have you seen the free Sentinel Store app that allows integration to INC (not SecOps)....