Forum Discussion
Logic App to sync incident status between Sentinel and ServiceNow.
- May 26, 2021
No problem
Understood, so I think here is a solution which synchronizes Incident closure from Sentinel to ServiceNow. By implementing it you should be able to close an Incident in AS and have it automatically close in SNow.
https://eldar.cloud/2021/04/24/azure-sentinel-incident-sync-with-servicenow/
- wootts, Jun 10, 2021, Iron Contributor
Hi all, this is an interesting topic and something I am keen to know more about. So.....
We have a situation whereby we create an incident in ServiceNow (SIR) from an incident in Sentinel, which on a 1 on 1 basis is great. We close the incident in SIR, it closes in Sentinel and the main platform which provided the information.
Then scenario 2
Incident is created in SIR. Another Alert is triggered which by example M365D says is linked to this and creates a Multi Stage / Main incident consisting of the initial incident and any that follow.
The problem being we don't want to close the first incident as that is being worked on. But Sentinel closes it (automatically) and states no entities and no alerts attached, as these have been moved to the main incident which is now compiling all the alerts as they flow through.
How do we get it to update the very first incident and not populate a new incident ID? Or even overwrite the initial Incident in SIR with a new name, new information from the now main incident?
Hope that makes at least some sense.