8
1.0.19
Yokohama, Xanadu, Washington DC, Vancouver
This app provides Microsoft Sentinel and ServiceNow integration, helping companies manage their security incidents from their preferred platform and keep them in sync.
This integration includes the following key features:
- Retrieve Microsoft Sentinel incidents and automate the creation of incidents in ServiceNow.
- Bi-directional sync of Status, Severity, Owner, Comments/Work notes, Entities and alerts.
- Details of alerts and entities added to Work Notes, to improve analyst experience.
- Filtering of Microsoft Azure Sentinel incidents, based on tags or custom filters.
- Support for multiple workspaces, with different incident filters.
- Support for any custom incident table, status or severity fields.
1. When we filter data from the Sentinel REST API, it doesn't return mergedincidentnumber and mergedincidenturl. These properties are available only when we get specific API details and are part of the 2025-01-01-preview and 2024-01-01-preview API versions, so we handle this in code. The stable versions of the Sentinel incident APIs do not return these details.
2. A few code customizations.
The minimum version of the ServiceNow platform is Paris and Quebec.