I have installed the Microsoft Sentinel Bi-directional incidents sync between Microsoft Sentinel and ServiceNow.
A few things I'm having an issue with.
- Comments from Sentinel are not displaying in ServiceNow (however ServiceNow work notes are appearing in Sentinel). I see a business rule with custom mappings, do we need to set comments up in this business rule?
- We have the default Incident filter set to so the tag of "snow" will filter in Incidents. Not all Sentinel Incidents with this tag are coming into ServiceNow
Here's an example that didn't filter into servcienow:Here's one that did:
Any help would be greatly appreciated.
The application uses the following business rules:
- add_work_note_to_sentinel: sycnhronizes work notes to sentinel comments can you verify the configuration as shown in the screenshot below
information source: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-introducing-microsoft-sent...
If my response helps to solve your issue kindly mark it as helpful & correct.
@rabbanis , this is a configuration under 'Microsoft Azure Sentinel System Properties ->Table where the Azure Sentinel incidents will be created' but this would ideally be pointed to Incident or Security Incident based on the Integration & your subscription to Security Incident (SIR) Module.
Hello All,
Hi
we are planning to integarte sentenal to servicenow .
so i go through the above document and servicenow document both are different now
Azure-Sentinel/Solutions/Servicenow/StoreApp/README.md at master · Azure/Azure-Sentinel · GitHub
which document is latest and I ned to follow to complete integration?
so I am stucked in the configuration
Here name,identity URL and azure resource manger I have doubt what I need to mentioned here
I am getting error once I filled all the details
could you please guide me on this
Regards
Shaik.Rabbani
