Microsoft Sentinel and ServiceNow Bidirectional Sync - Assignment group issue

Sravani10
Tera Contributor

Hi All,

I have the Microsoft Sentinel plugin installed for the bi-directional sync of incidents.

The incidents are being created, but we need these incidents to be assigned to the Security team directly when created.

We already have an assignment rule in place so that any new incident created will be assigned to Service Desk.

Now we are facing difficulty assigning these Security incidents directly to their group instead of Service Desk.
We have tried with an async business rule and an assignment rule, but sometimes it is not working.
Please let us know the solution for this.

Thanks,

Sravani

Abbas_5
Tera Sage

Hello @Sravani10,

Please refer to the below link:
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-incident-bi-direct...

Thanks & Regards,
Abbas Shaik

Hello @Abbas_5 ,

Thanks for the reply.

The link shows sending data to Sentinel, but I need help setting the Assignment group field in ServiceNow when an incident is created from Sentinel.
Please help with this.

Thanks,

Sravani

Sohail Khilji
Kilo Patron

Hi @Sravani10,

A few solutions!

1. You need to work on the source of this incident creation. You can invoke the sys_id of the assignment group during incident creation.

2. You can make use of assignment lookup rules.

3. You can try a before insert business rule to set the sys_id of the group in the assignment group field.

I hope this helps...
LinkedIn - Lets Connect
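
Option 3 from the reply above (a before-insert business rule on the incident table), sketched as an added example; it is not code from the thread or from the Sentinel plugin. Assumptions: the integration account name `sentinel.integration` and the group sys_id are placeholders, Sentinel-created records are recognised by the account that inserts them, and the rule's Order is below 1000 so it runs before the assignment rules engine, which only fills an empty assignment group.

```javascript
// Added example: logic for a before-insert business rule on [incident].
// Placeholders (not from the thread): replace both values for your instance.
var SENTINEL_USER = 'sentinel.integration';                 // hypothetical integration account
var SECURITY_GROUP = '<SECURITY_GROUP_SYS_ID_PLACEHOLDER>'; // sys_id of the Security group

// Pure decision function, testable outside the platform.
function pickAssignmentGroup(createdBy, existingGroup) {
    if (createdBy !== SENTINEL_USER) return existingGroup; // not created by the integration
    if (existingGroup) return existingGroup;               // source already chose a group (option 1)
    return SECURITY_GROUP;
}

// Rule body. In the instance, call it from the business rule script field as:
//   (function (current, previous) { executeRule(current, gs); })(current, previous);
// Because this runs before insert, no current.update() is needed.
function executeRule(current, gs) {
    var before = String(current.getValue('assignment_group') || '');
    var after = pickAssignmentGroup(gs.getUserName(), before);
    if (after !== before) {
        current.setValue('assignment_group', after);
    }
    return after;
}

// Constructed stand-ins for GlideRecord and GlideSystem, for offline testing only.
function mockRecord(group) {
    var fields = { assignment_group: group };
    return {
        getValue: function (name) { return fields[name] || null; },
        setValue: function (name, value) { fields[name] = value; }
    };
}
function mockGs(user) {
    return { getUserName: function () { return user; } };
}
```

Once the group is populated by this rule, the existing Service Desk assignment rule no longer applies to the record. An async rule, by contrast, runs only after the insert, when the assignment rule has already had the chance to set Service Desk.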

rabbanis
Tera Contributor

Hi @Sravani10

We are planning to integrate Sentinel with ServiceNow.

So I went through the above document and the ServiceNow document; both are different now.

Azure-Sentinel/Solutions/Servicenow/StoreApp/README.md at master · Azure/Azure-Sentinel · GitHub

https://docs.servicenow.com/bundle/xanadu-security-management/page/product/secops-integration-sir/se...

Which document is the latest, and which do I need to follow to complete the integration?

So I am stuck in the configuration.

Here, for name, identity URL and Azure Resource Manager, I have a doubt about what I need to mention.

I am getting an error once I have filled in all the details.

Could you please guide me on this?

Regards

Shaik.Rabbani