Hi All,
I have the Microsoft Sentinel Plugin installed for the bi-directional sync of incidents:
The Incidents are being created but we need this Incidents to be assigned to Security team directly when created.
We already have a Assignment rule in place that any new incident created will be assigned to Service Desk.
Now we are facing difficulty to assign these Security incidents directly to their group instead of Service Desk.
We have tried with async business rule and assignment rule but sometimes it is not working.
Please let us know the solution for this.
Thanks,
Sravani
Hi @Sravani10 ,
Few solutions !
1. You need to work on the source of this incident creation. You can invoke the sys_id of assignment group during incident creation.
2. You can make use of assignment lookup rules.
3. You can try before insert business rule to set the sys_id of the group in assignment group field.
i hope this helps...
☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....
Hi @Sravani10
we are planning to integarte sentenal to servicenow .
so i go through the above document and servicenow document both are different now
Azure-Sentinel/Solutions/Servicenow/StoreApp/README.md at master · Azure/Azure-Sentinel · GitHub
which document is latest and I ned to follow to complete integration?
so I am stucked in the configuration
Here name,identity URL and azure resource manger I have doubt what I need to mentioned here
I am getting error once I filled all the details
could you please guide me on this
Regards
Shaik.Rabbani
