
Azure Sentinel Incident Field Mapping

Karlie01
Tera Contributor

Hi all,

I have installed Microsoft Azure Sentinel Incident Ingestion Integration For Security Operations.

I have mapped the ${Account: properties(accountName)}$ from the Account Entity Fields to the Affected user within the Azure Sentinel Incident Profile.

The accountName is listed as an Employee number but I need this as a Name. I have attempted this within the Azure Sentinel Field Translation but it's not populating the Name.

var user = new GlideRecord('sys_user');
user.addQuery('employee_number', sourceValue);
user.query();

while (user.next()) {
    destinationValue = user.sys_id;
}

Any help would be much appreciated.

5 REPLIES

vamshi krishna4
Giga Guru

I saw many incidents in Sentinel which have multiple account entities, but in ServiceNow I checked the checkbox next to the affected user mapping, which should add the affected users in the related list in the incident form, but I think it's not working as expected.