Hi,
We are currently working on integration between Microsoft Sentinel and ServiceNow. Sentinel incidents are to be synced to ServiceNow where a ticket is created.
As it stands, when a Sentinel Incident is in 'New' state, a tickets is created in ServiceNow with all the necessary fields captured.
However if the Sentinel ticket is in 'Active' or 'Closed' state, a ticket is created in ServiceNow but none of the fields are captured.
In the configuration for ServiceNow the State to State mapping(Sentinel - ServiceNow) is present for all three states:
- New
- Active
- Closed
Therefore it is evident that there is integration between Sentinel and ServiceNow but there appears to be a problem somewhere which leads ServiceNow to not capture all the required fields when a Sentinel incident is in 'Active' or 'Closed' state.
Any assistance on this would be greatly appreciated
