Forum Discussion
Solved
Logicapp to sync incident status between sentinel to Servicenow.
Hello, Looking for some pointers on how to sync the incident status from sentinel to servicenow. If the incident is marked as "Closed" in sentinel, I would like to close it on the service now too...
No problem
Understood, so i think here is a solution which ynchronize Incident closure from Sentinel to ServiceNow. By implementing it you should be able to close an Incident in AS and have it automatically close in SNow
https://eldar.cloud/2021/04/24/azure-sentinel-incident-sync-with-servicenow/
Hi you need to setup an incident bi-directional sync and it's documented here :
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-incident-bi-directional-sync-with-servicenow/ba-p/1667771
A playbook to close AS incident from snow is available here :
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-SentinelIncident-fromSNOW
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-incident-bi-directional-sync-with-servicenow/ba-p/1667771
A playbook to close AS incident from snow is available here :
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-SentinelIncident-fromSNOW
- Thanks for the quick response. I would like to create a logic app that will close the servicenow incident when the incident in Sentinel is marked as closed.
Above playbook will sync, when a close is triggered from Service now but not vice versa.No problem
Understood, so i think here is a solution which ynchronize Incident closure from Sentinel to ServiceNow. By implementing it you should be able to close an Incident in AS and have it automatically close in SNow
https://eldar.cloud/2021/04/24/azure-sentinel-incident-sync-with-servicenow/
