Connection Issue: Microsoft Graph Security API Alert Ingestion for Security Operations

Saranyaj · ‎02-27-2024

Hi,

we are currently facing a connection issue while integrating ServiceNow with the Azure microsoft0365 application.

We have completed the application registration in the Azure and granted the API Permission "SecurityEvents.ReadWrite.All" as mentioned in ServiceNow Docs page. After entering the details of Azure application in integration configuration, we had submitted the integration configuration record but the connection was not successful. As per the docs, the only API Permission required is "SecurityEvents.ReadWrite.All" but when establishing the connection it still fails.

Version: Vancouver

Steps to Reproduce:

1. Login to ServiceNow

2. Navigate All > Security Operations > Integration > Integration Configurations

3. Search for "Microsoft Graph Security API - Alert Ingestion" and click on Configure

4. Enter the details - Name, Tenant ID, Client ID, Client Secret.

5. Click Submit

Please find the attached screenshot on connection error. If anyone else had faced the same issue, please help us with next steps.

Thanks,

Saranya

Kireetivvs · ‎02-27-2024

If the integration is on version 10.4.6 or higher, only the 'SecurityAlert.ReadWrite.All' permission is needed. For older versions, the 'SecurityEvents.ReadWrite.All' permission is required.

View solution in original post

Kireetivvs · ‎02-27-2024

If the integration is on version 10.4.6 or higher, only the 'SecurityAlert.ReadWrite.All' permission is needed. For older versions, the 'SecurityEvents.ReadWrite.All' permission is required.

Saranyaj · ‎02-27-2024

Thanks, Let me give it a try and update