Forum Discussion
naramesh
May 26, 2021, Copper Contributor
Logic App to sync incident status between Sentinel and ServiceNow.
Hello,
Looking for some pointers on how to sync the incident status from Sentinel to ServiceNow. If the incident is marked as "Closed" in Sentinel, I would like to close it in ServiceNow too.
Since the Sentinel triggers are either on Alert creation or Incident creation, neither will fire when an incident is updated. Can you please share some info on how I can accomplish this?
Thanks
Ramesh
- ibnmbodji, Steel Contributor
Hi, you need to set up an incident bi-directional sync, and it's documented here:
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-incident-bi-directional-sync-with-servicenow/ba-p/1667771
A playbook to close an AS incident from SNOW is available here:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-SentinelIncident-fromSNOW
- naramesh, Copper Contributor
Thanks for the quick response. I would like to create a logic app that will close the ServiceNow incident when the incident in Sentinel is marked as closed.
The above playbook will sync when a close is triggered from ServiceNow, but not vice versa.
- ibnmbodji, Steel Contributor
No problem
Understood, so I think here is a solution which synchronizes incident closure from Sentinel to ServiceNow. By implementing it you should be able to close an incident in AS and have it automatically close in SNow
https://eldar.cloud/2021/04/24/azure-sentinel-incident-sync-with-servicenow/