Microsoft Sentinel and ServiceNow Bidirectional Sync - Assignment group issue
03-08-2024 12:46 AM - edited 03-08-2024 12:50 AM
Hi All,
I have the Microsoft Sentinel Plugin installed for the bi-directional sync of incidents:
The incidents are being created, but we need these incidents to be assigned to the Security team directly when created.
We already have an assignment rule in place that any new incident created will be assigned to Service Desk.
Now we are facing difficulty to assign these Security incidents directly to their group instead of Service Desk.
We have tried with async business rule and assignment rule but sometimes it is not working.
Please let us know the solution for this.
Thanks,
Sravani
03-09-2024 01:20 AM
Hello @Sravani10,
Please refer to the below link:
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-incident-bi-direct...
Mark my answer as correct and helpful, if it is helpful, and please hit the thumbs-up button to mark it as the correct solution.
Thanks & Regards,
Abbas Shaik
03-11-2024 03:57 AM
Hello @Abbas_5 ,
Thanks for the reply.
The link shows sending data to Sentinel, but I need help in setting the Assignment group field in ServiceNow when an incident is created from Sentinel.
Please help on this.
Thanks,
Sravani
03-11-2024 04:02 AM
Hi @Sravani10 ,
A few solutions!
1. You need to work on the source of this incident creation. You can invoke the sys_id of the assignment group during incident creation.
2. You can make use of assignment lookup rules.
3. You can try a before-insert business rule to set the sys_id of the group in the assignment group field.
I hope this helps...
☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....
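Option 3 from the reply above, sketched as an added example (not code from any poster or from the Sentinel plugin): a before-insert rule sets the group on the record before it is saved, and only for records created by the integration account. The account name `sentinel.integration`, the group sys_id placeholder, and the helper names `routeSentinelIncident` and `makeRecord` are assumptions made for illustration.

```javascript
// Added example. Values marked "assumed" or "placeholder" do not come from the thread.
var SENTINEL_USER = 'sentinel.integration';             // assumed integration account user name
var SECURITY_GROUP_SYS_ID = '<security-group-sys_id>';  // placeholder: sys_id of the Security group

// Decide routing for a record that is about to be inserted.
// `current` only needs getValue()/setValue(), which GlideRecord provides.
// `creatorUserName` is the user performing the insert.
function routeSentinelIncident(current, creatorUserName, sentinelUser, groupSysId) {
    var creator = String(creatorUserName || '').toLowerCase();
    if (creator !== String(sentinelUser).toLowerCase()) {
        return 'not-sentinel';        // leave normal Service Desk routing untouched
    }
    if (current.getValue('assignment_group')) {
        return 'already-set';         // the source supplied a group (option 1); keep it
    }
    current.setValue('assignment_group', groupSysId);
    return 'assigned';
}

// Constructed stand-in for a GlideRecord so the logic can be exercised offline.
function makeRecord(fields) {
    var data = Object.assign({}, fields);
    return {
        getValue: function (name) {
            var v = data[name];
            return (v === undefined || v === '') ? null : v;  // empty fields read as null
        },
        setValue: function (name, value) { data[name] = value; }
    };
}

// Inside ServiceNow, the body of the before-insert business rule on [incident]
// would call the function like this (gs.getUserName() is the inserting user):
//
// (function executeRule(current, previous /*null when async*/) {
//     routeSentinelIncident(current, gs.getUserName(),
//                           SENTINEL_USER, SECURITY_GROUP_SYS_ID);
// })(current, previous);
```

Because the rule runs before the insert, it needs no `current.update()` call; the group is written as part of the original insert.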
11-11-2024 10:43 PM
Hi @Sravani10,
We are planning to integrate Sentinel with ServiceNow.
So I went through the above document and the ServiceNow document; both are different now.
Azure-Sentinel/Solutions/Servicenow/StoreApp/README.md at master · Azure/Azure-Sentinel · GitHub
Which document is the latest, and which do I need to follow to complete the integration?
So I am stuck in the configuration.
Here, for name, identity URL and Azure Resource Manager, I have a doubt about what I need to mention.
I am getting an error once I have filled in all the details.
Could you please guide me on this?
Regards
Shaik.Rabbani