![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 83%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
971 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Techno89 Thanks for reaching out. Azure sentinel integration is compatible with Rome version of Service now.
There are actually two ways of doing it, you can select either of them :
1) Pull method
It uses the Azure Sentinel API method. You can initiate this from the Service Now portal with Dedicated Azure Sentinel configuration. In this method you will need to create an application in Azure AD and grant it permission towards the log analytics workspace for your sentinel. All the details required for this have been given here :
https://docs.servicenow.com/bundle/quebec-security-management/page/product/secops-integration-sir/secops-integration-ms-azure-sentinel/task/configure-microsoft-azure-portal.html
You will need Service portal access, Azure AD admin credential for this process.
Follow this for a step by step process :
https://docs.servicenow.com/bundle/quebec-security-management/page/product/secops-integration-sir/secops-integration-ms-azure-sentinel/concept/microsoft-azure-sentinel-integration.html
Video : https://www.youtube.com/watch?v=LEWqi98fv3o&t=160s
2) Push method
In here you can create a logic app to take the incident once they are generated and then create a record in Service Now.
For this you need to have the permission for running the logic app and Service connection Instance information.
Service now is a dedicated connector in logic app so this method would be simple for you. But keep in mind that every time the logic app is run, you will be charged towards your azure subscription.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.