Guidance Needed: Setting Up Microsoft Azure Sentinel Integration in PDI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello Everyone,
I am currently working on integrating Microsoft Azure Sentinel with my Personal Developer Instance (PDI).
I have already installed the "Microsoft Azure Sentinel Incident Ingestion Integration for Security Operations" plugin in my PDI, but I am encountering difficulties establishing a connection with Microsoft Azure.
Could anyone provide a step-by-step guide or share best practices for setting up this integration in a PDI environment?
Thank you in advance for your support!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello @anshul_goyal,
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/whats-new-introducing-microsoft-senti...
https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/secops-integration-si...
https://www.servicenow.com/docs/bundle/washingtondc-security-management/page/product/secops-integrat...
https://www.youtube.com/watch?v=mqtPcyV1Gco
If this helped to answer your query, please mark it helpful & accept the solution.
Thanks
Santosh.p
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello @anshul_goyal ,
Step by step guide below...
Pre requisites >>> Ensure your PDI is on a supported version (e.g., Zurich or later) and has the Security Incident Response plugin installed.....
* Install the Integration: From the ServiceNow Store, install the "Microsoft Azure Sentinel Incident Ingestion Integration for Security Operations" plugin...
* Azure Configuration: Register an Azure AD application (service principal) in your Azure portal with the necessary permissions to access Sentinel data....
*ServiceNow Configuration: In ServiceNow, navigate to the integration settings and provide the Azure AD application credentials (Client ID, Client Secret, Tenant ID)...
* Create Incident Profiles: Define which Azure Sentinel incidents should be ingested into ServiceNow by creating and configuring incident profiles....
* Map Fields: Map relevant fields between Azure Sentinel and ServiceNow to ensure correct data transfer.
Set Up Synchronization: Configure the frequency of data synchronization and any necessary filters to manage the volume and relevance of ingested incidents....
* Testing: Test the integration by generating a sample incident in Azure Sentinel and verifying its appearance and accuracy in ServiceNow....
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Consultant - Lets connect on Linkedin: https://www.linkedin.com/in/kaushalkrjha/
