Create an approval group

  • Release version: Xanadu
  • Updated August 1, 2024
  • Create an approval group for the CrowdStrike Falcon Insight for Security Operations integration that can approve requests for isolating host machines, restoring them to the network, and initiating sightings searches.

    Before you begin

    You can't reassign the approval authority to a group unless an approval group is available in your instance.
    Note:
    The approvals option in the profile configuration appears only for Isolate Host and Remove Host Isolation capabilities.

    Role required: admin

    Procedure

    1. Navigate to All > User Administration > Groups.
    2. In the groups list, click New.
    3. On the form, fill in the fields.
      Table 1. Approval group form

      | Field | Description |
      |---|---|
      | Name | Name of the group that you see when you submit an approval request. |
      | Group email | Group email distribution list or the email address of the point of contact, such as the group manager. |
      | Manager | Name of the group manager. Click the search icon to view the list. |
      | Parent | Name of the parent group, if associated with a parent. |
      | Type | Categories of groups. |
      | Vendors | vendor_manager role that you assign to users in your organization's vendor management process. |
      | Description | Additional information about the group. |
    4. Click Submit.
      The new group is displayed in the Groups list.

      This group is available to process requests when you enable the Require approval option during the configuration of this profile.

      To monitor and process requests submitted by users with the sn_si.analyst role, each member of the approval group navigates to the My Approvals tab in the ServiceNow AI Platform.

    What to do next

    The next step is to install and configure the CrowdStrike Falcon Insight application from the ServiceNow Store.