Create automatic tickets with governance rules
The integration of ServiceNow's IT Service Management (ITSM) module and Defender for Cloud allow you to create governance rules that automatically open tickets in ServiceNow for specific recommendations or severity levels. ServiceNow tickets can be created, viewed, and linked to recommendations directly from Defender for Cloud, enabling seamless collaboration between the two platforms and facilitating efficient incident management.
Prerequisites
Have an application registry in ServiceNow.
Enable Defender Cloud Security Posture Management (CSPM) on your Azure subscription.
The following roles are required:
- To create an assignment: Admin permissions to ServiceNow.
Assign an owner with a governance rule
You can create a rule to automatically assign an owner to a recommendation in Defender for Cloud. This rule is based on the recommendation's severity or recommendation.
Sign in to the Azure portal.
Navigate to Microsoft Defender for Cloud > Environment settings.
Select Governance rules.
Select Create governance rule.
Enter a rule name and select a scope.
Select ServiceNow In the Type field.
Enter a priority.
Select and integration instance.
Select a ServiceNow ticket type.
Select Next.
Select either:
- By Severity and the severity level.
- By recommendation and the recommendation.
Select an owner.
Select a remediation timeframe.
(Optional) Toggle the switch to apply a grace period.
(Optional) Set email notifications.
Select Create.