Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Microsoft defender for endpoint integration without the SIR

sylvainbarr
Tera Contributor

‎10-01-2025 05:30 AM

 
0 Helpfuls
  • 504 Views
4 REPLIES 4

Dr Atul G- LNG
Tera Patron
Tera Patron

‎10-01-2025 05:32 AM

Sorry, could you please clarify your exact requirement? Are you trying to integrate Microsoft Defender with ServiceNow?"

 

https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/secops-integration-si...

As far as I know, ServiceNow does not recommend proceeding without using SIR."

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

sylvainbarr
Tera Contributor
In response to Dr Atul G- LNG

‎10-01-2025 05:47 AM

Thanks for the quick reply, I did add details, I was to quick on the post button. I am aware that it's not recommended, my client does not have the budget to go with SIR yet. currently we are using an e-mail/inbound action to generate incident, and we want to move away from that approach.

0 Helpfuls

sylvainbarr
Tera Contributor

‎10-01-2025 05:38 AM

Sorry for the lack of details; 

So I have to integrate Microsoft Defender for Endpoint (MDE)t with ServiceNow without the SIR (SecOps). This integration will be used to generate incidents based on specific triggers on the MDE side. I know Microsoft Defender for cloud apps has an integration plug in that can be used as a point to point or in conjonction with Logic apps integration engine. My question, is there a similar available integration option for MDE natively?

0 Helpfuls

Dr Atul G- LNG
Tera Patron
Tera Patron
In response to sylvainbarr

‎10-01-2025 05:53 AM

Hi @sylvainbarr 

To the best of my knowledge, there isn’t a native integration available for MDE (Microsoft Defender for Endpoint).

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************