Connect ServiceNow ITSM to Defender for Cloud
Microsoft Defender for Cloud's integration with ServiceNow's IT Service Management (ITSM) module, allows customers to connect their Defender for Cloud accounts to ServiceNow. ServiceNow is a powerful workflow automation and enterprise solution that helps organizations streamline and automate routine tasks, improving operational efficiencies and increasing productivity. By integrating ServiceNow with Defender for Cloud, customers can prioritize the remediation of recommendations that affect their business. This integration allows you to create and view ServiceNow tickets linked to recommendations directly from Defender for Cloud, which facilitates efficient incident management.
Prerequisites
Have an application registry in ServiceNow.
Enable Defender Cloud Security Posture Management (CSPM) on your Azure subscription.
The following roles are required:
- To create the integration: Security Admin, Contributor, or Owner.
Connect a ServiceNow account to Defender for Cloud
To connect a ServiceNow account to a Defender for Cloud account:
Sign in to the Azure portal.
Navigate to Microsoft Defender for Cloud > Environment settings.
Select ServiceNow.
Select Add integration > ServiceNow.
Enter a name and select the scope.
In the ServiceNow connection details, enter the instance URL, name, password, client ID, and client secret that you created for the application registry in the ServiceNow portal.
Select Next.
Select Incident data, Problems data, and Changes table from the drop-down menus.
Select Save.
A notice appears after successful creation of integration.