Forum Discussion
PhatludiModiba (Copper Contributor)
Nov 05, 2023
Microsoft Sentinel Integration with ServiceNow
Hi,
We are currently working on integration between Microsoft Sentinel and ServiceNow. Sentinel incidents are to be synced to ServiceNow where a ticket is created.
As it stands, when a Sentinel incident is in 'New' state, a ticket is created in ServiceNow with all the necessary fields captured.
However, if the Sentinel ticket is in 'Active' or 'Closed' state, a ticket is created in ServiceNow but none of the fields are captured.
In the configuration for ServiceNow, the state-to-state mapping (Sentinel - ServiceNow) is present for all three states:
- New
- Active
- Closed
Therefore, it is evident that there is integration between Sentinel and ServiceNow, but there appears to be a problem somewhere which leads ServiceNow to not capture all the required fields when a Sentinel incident is in 'Active' or 'Closed' state.
Any assistance on this would be greatly appreciated.
- BillClarksonAntill (Iron Contributor)
Hey PhatludiModiba
Check with ServiceNow, but there should be an API reference that has been used for the integration between Sentinel and ServiceNow.
From memory, you can add in your own custom statuses within ServiceNow, and I'm wondering if the statuses haven't been updated on the ServiceNow side to reflect the status updates against Sentinel incidents.