CrowdStrike Next-Gen SIEM integration

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • The CrowdStrike Next-Gen SIEM integration automatically ingests detection data that may indicate potential security incidents and streamlines the creation of security incidents in the ServiceNow® Security Incident Response (SIR), ensuring timely and effective response.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Overview of CrowdStrike Next-Gen SIEM integration

    See the following graphic to learn how CrowdStrike Next-Gen SIEM integrates with the ServiceNow AI Platform Security Operations applications.


    How CrowdStrike Next-Gen SIEM integrates with the ServiceNow AI Platform.

    Key features

    Use the key features of this integration to do the following actions:
    • Discover CrowdStrike Next-Gen SIEM detections that are candidates for security incidents and automate the creation of these security incidents.
    • Map CrowdStrike Next-Gen SIEM defect and entity fields to SIR security incident fields.
    • Filter CrowdStrike Next-Gen SIEM defects.
    • Aggregate incidents to existing open security incidents so that you don't have to create duplicate security incidents.
    • Automate CrowdStrike Next-Gen SIEM detection status updates for Security Incident Response so that you can create and close security incidents.
      Note:
      ServiceNow updates the status of CrowdStrike Next-Gen SIEM detections based on the security incident creation or closure. This update also includes comments of aggregated detections and new detections.
    • Schedule detection ingestion to create security incidents periodically.
    • Synchronize CrowdStrike Next-Gen SIEM detection comments with SIR Work notes.