Install and configure the Microsoft Azure Sentinel integration

  • Release version: Washington DC
  • Updated February 1, 2024

Install and configure the Microsoft Azure Sentinel integration from the ServiceNow Store on your ServiceNow AI Platform instance to start ingesting Azure Sentinel incidents.

    Before you begin

    Role required: sn_si.admin

    Procedure

    1. Download the Microsoft Azure Sentinel integration from the ServiceNow Store and install it.
    2. Navigate to Security Operations > Integrations > Integration Configurations.
    3. Search for the Microsoft Azure Sentinel tile and click Configure.
    4. On the form, fill in the fields.
      Table 1. Microsoft Azure Sentinel - Incident Ingestion Configuration form

      | Field | Description |
      |---|---|
      | Name | Name for the Microsoft Azure Cloud instance configuration. |
      | Identity URL | Identity URL for the Microsoft Azure Cloud tenant. For example, login.microsoftonline.com. For additional information, see Microsoft Azure documentation. |
      | Azure Resource Manager | Azure Resource Manager Endpoint for Microsoft Azure Cloud tenant. For example, management.azure.com. For additional information, see Microsoft Azure documentation. |
      | Tenant ID | Microsoft Azure Sentinel Tenant ID. This is the instance from which all the incidents in the Microsoft Azure portal are retrieved. |
      | Client ID | Client ID for the application that you’ve registered in the Microsoft Azure portal. |
      | Client Secret | Client secret for your registered application. |
      | Subscription ID | Subscription ID for your registered application. |
      | Resource Group Name | Resource group name for your registered application. |
      | Workspace Name | Workspace name for your registered application. |
    5. Click Submit.

    Result

    After you successfully validate and submit the configuration, each incident ingestion server configuration is saved on the Security Integrations page as a tile.
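
A pre-submit sanity check for the values entered in step 4, as an added example that is not part of the ServiceNow documentation or the integration's own code. It assumes the standard Microsoft identity platform v2.0 token endpoint and the Azure Resource Manager incidents path; the dictionary keys, function names and `API_VERSION` value are hypothetical choices for illustration, and the sample values are constructed.

```python
import re
from urllib.parse import quote

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
HOST = re.compile(r"([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")
RESOURCE_GROUP = re.compile(r"[\w\-.()]{1,90}(?<!\.)")  # 1-90 chars, no trailing period
WORKSPACE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{2,61}[A-Za-z0-9]")  # 4-63 chars
API_VERSION = "2023-02-01"  # assumption: the version the integration uses is not on the page

def host_only(value):
    """Accept 'host' or 'https://host/' and return the bare host name."""
    return re.sub(r"^https://", "", value.strip()).rstrip("/")

def check_config(cfg):
    """Return a list of problems in the form values (empty list means none found)."""
    problems = []
    for field in ("identity_url", "resource_manager"):
        if not HOST.fullmatch(host_only(cfg[field])):  # also rejects http:// values
            problems.append(f"{field}: expected an HTTPS host name")
    for field in ("tenant_id", "client_id", "subscription_id"):
        if not GUID.fullmatch(cfg[field].strip()):
            problems.append(f"{field}: not a GUID")
    if GUID.fullmatch(cfg["client_secret"].strip()):  # portal shows a GUID "Secret ID" too
        problems.append("client_secret: looks like the secret ID, not the secret value")
    for field, rule in (("resource_group", RESOURCE_GROUP), ("workspace", WORKSPACE)):
        if not rule.fullmatch(cfg[field]):
            problems.append(f"{field}: violates Azure naming rules")
    return problems

def endpoints(cfg):
    """Token and incident-list URLs that these form values resolve to."""
    token = f"https://{host_only(cfg['identity_url'])}/{cfg['tenant_id']}/oauth2/v2.0/token"
    incidents = (
        f"https://{host_only(cfg['resource_manager'])}/subscriptions/{cfg['subscription_id']}"
        f"/resourceGroups/{quote(cfg['resource_group'], safe='')}/providers"
        f"/Microsoft.OperationalInsights/workspaces/{quote(cfg['workspace'], safe='')}"
        f"/providers/Microsoft.SecurityInsights/incidents?api-version={API_VERSION}")
    return token, incidents

# Constructed sample values, not real identifiers.
SAMPLE = {
    "identity_url": "login.microsoftonline.com",
    "resource_manager": "https://management.azure.com/",
    "tenant_id": "11111111-1111-1111-1111-111111111111",
    "client_id": "22222222-2222-2222-2222-222222222222",
    "subscription_id": "33333333-3333-3333-3333-333333333333",
    "client_secret": "constructed-secret-value",
    "resource_group": "rg-secops", "workspace": "sentinel-ws",
}
```

Run `check_config` on the values before pasting them into the form, and compare the URLs from `endpoints` with the tenant and workspace you intend the integration to read from.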