I have installed the Microsoft Sentinel Bi-directional incidents sync between Microsoft Sentinel and ServiceNow.
A few things I'm having an issue with.
- Comments from Sentinel are not displaying in ServiceNow (however ServiceNow work notes are appearing in Sentinel). I see a business rule with custom mappings, do we need to set comments up in this business rule?
- We have the default Incident filter set to so the tag of "snow" will filter in Incidents. Not all Sentinel Incidents with this tag are coming into ServiceNow
Here's an example that didn't filter into servcienow:Here's one that did:
Any help would be greatly appreciated.
1 ACCEPTED SOLUTION
The application uses the following business rules:
- add_work_note_to_sentinel: sycnhronizes work notes to sentinel comments can you verify the configuration as shown in the screenshot below
information source: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-introducing-microsoft-sent...
If my response helps to solve your issue kindly mark it as helpful & correct.
The application uses the following business rules:
- add_work_note_to_sentinel: sycnhronizes work notes to sentinel comments can you verify the configuration as shown in the screenshot below
information source: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-introducing-microsoft-sent...
If my response helps to solve your issue kindly mark it as helpful & correct.
