Microsoft Security Response Center Spoke
Summary of Microsoft Security Response Center Spoke
The Microsoft Security Response Center (MSRC) Spoke integrates the Microsoft Security Response Center API with your ServiceNow instance. This integration enables you to investigate reports of security vulnerabilities affecting Microsoft products and services, facilitating effective security risk management and system protection.
The spoke requires an Integration Hub subscription and is compatible with Microsoft Security Response Center API version 2020 and potentially later versions. The latest available version of the spoke is 1.3.0.
Key Features
- Security and Abuse Management Actions:
  - Submit Abuse Report: Sends reports to the Microsoft Computer Emergency Response Team using the Common Abuse Reporting System (CARS).
  - Get Security Update Details: Retrieves detailed information about specific CVRF (Common Vulnerability Reporting Framework) IDs.
  - Look up Security Updates: Lists all Microsoft security updates or filters updates by ID, CVE, or year.
- AI Agent Integration: The spoke includes standalone AI agents, such as the Microsoft Security Response Center security manager, which can retrieve security update details based on various criteria. These AI agents can be incorporated into agentic workflows within ServiceNow to automate and enhance security operations.
- Connection and Credential Management: Utilizes Integration Hub aliases for managing connection and credential profiles, including OAuth credentials. This simplifies configuration across multiple environments and eliminates the need to update each action individually when connection details change.
Prerequisites and Dependencies
- An Integration Hub subscription is required to use this spoke.
- Dependent plugins must be installed, including:
  - IntegrationHub Action Step - REST
  - Complex Object plugin
  - IntegrationHub Runtime
- Some plugins may require additional licenses if used outside the spoke implementation.
Practical Benefits for ServiceNow Customers
- Automates the investigation and management of Microsoft security vulnerabilities directly within ServiceNow.
- Facilitates timely submission of abuse reports, improving response to security incidents.
- Enables retrieval and tracking of Microsoft security updates for proactive risk management.
- Leverages AI agents to enhance workflow automation and decision-making in security operations.
- Simplifies credentials and connection management across environments, reducing administrative overhead.
Next Steps
To implement this spoke, ensure you have the necessary Integration Hub subscription and dependent plugins installed. Configure connection and credential aliases for seamless integration. Consider incorporating the Microsoft Security Response Center AI agents into your agentic workflows to maximize automation and operational efficiency.
Integrate the Microsoft Security Response Center API with your ServiceNow instance to investigate all reports of security vulnerabilities affecting Microsoft products and services, and gather information to manage security risks and keep the system protected.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Integration Hub subscription
This spoke requires an Integration Hub subscription. For more information, see Legal schedules - IntegrationHub overview.
Spoke version
Microsoft Security Response Center spoke v1.3.0 is the latest version.
Supported versions
This spoke was built for Microsoft Security Response Center API version 2020, but may be compatible with later versions.
Spoke dependencies
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- Complex Object (com.glide.cobject)
- ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
Spoke actions
The Microsoft Security Response Center spoke provides actions to automate tasks when events occur in your ServiceNow instance. Available actions include:
| Category | Action | Description |
|---|---|---|
| Abuse Management | Submit Abuse Report | Submits a report to the Microsoft Computer Emergency Response Team using the Common Abuse Reporting System (CARS). |
| Security Management | Get Security Update Details | Retrieves information about the specific CVRF ID. |
| Security Management | Look up Security Updates | Retrieves the list of all Microsoft security updates. |
| Security Management | Look up Security Updates By Key | Retrieves the list of security updates based on the provided ID, CVE, or year. |
Available AI agents
Install Now Assist for Integration Hub and start using the available AI agents. For more information, see Now Assist for Integration Hub.
- In the ServiceNow agentic system, you can create an agentic workflow that comprises a set of large language model (LLM) instructions along with one or more standalone AI agents to execute an objective. See Create an agentic workflow for information about adding AI agents to create agentic workflows as per your requirement and provide the required trigger.
You can also search for other available AI agents and add them to your agentic workflow. See Find AI agents for more information.
- You can create a clone of the required spoke AI agent and customize it as per your requirement. See Duplicate an AI agent for more information about creating a clone.
- See Now Assist AI agents for information about AI agents.
The available AI agent is the Microsoft Security Response Center security manager. This AI agent retrieves details of the security updates based on the provided ID, CVE, or year.
- There might be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available on your instance, see Find AI agents.
- To find agents that might not be installed on your instance, visit the AI Agent Marketplace on the ServiceNow Store.
Connection and credential alias requirements
Integration Hub uses aliases to manage connection and credential information, and OAuth credentials. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using multiple environments. If the connection or credential information changes, you don't need to update any actions that use the connection.
For information about setting up the spoke, see Set up the Microsoft Security Response Center spoke.