How we can integrate service now with Sentinel using push method in details.

Lata Singh, Sindhu 1 Reputation point
2021-11-17T09:36:19.227+00:00

How we can integrate service now with Sentinel using push method in details.

What information needs to be configured at Azure sentinel and Service Now to make the communication (authentication) and how we can achieve the required configuration field information that needs to be configured at the both end (Sentinel and Service Now).

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,221 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. VipulSparsh-MSFT 16,301 Reputation points Microsoft Employee
    2021-11-17T11:40:40.723+00:00

    @Lata Singh, Sindhu You can check the following steps :

    1) Permission Required for Service Now portal
    The admin role installs the integration from the ServiceNow Store and assigns the sn_si.admin role.
    The sn_si.admin role performs the following tasks:
    Configures the integration.
    Creates incident profiles.
    Maps Microsoft Azure Sentinel incident data fields to the security incident fields.
    Schedules on-going incident ingestion.
    Enables incident updates when a Security Incident Response incident is created or closed.
    Assigns the security incident analyst (sn_si.analyst) role.

    2) Permission required for Azure Active Directory Portal

     Application developer for registering the application.  
     Global administrator for granting permissions to the application by calling the admin consent endpoint.       
     If the global admin can create and grant permission for the Azure AD APP, then I do not require this permission.   
    

    3) Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you configure this integration. (The default Sentinel Integration plugin support from Service now Rome Version)

    4) Register and configure your application in the Microsoft Azure portal.

    Step by Step Process to Follow :

    Service now Document : https://docs.servicenow.com/bundle/rome-security-management/page/product/secops-integration-sir/secops-integration-ms-azure-sentinel/task/get-started-with-microsoft-azure-sentinel-integration.html

    Follow the document with different sections step by step :

    150195-image.png


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.