Sentinel to Service Now stack

Brass Contributor

Hey gurus,

 

Is anyone using a Sentinel and SNow stack? 

 

Wondering what your experience is like with alert ingestion.

 

Tried the SNow Sentinel plugin but that had up to 25 minutes delay in most cases and new alerts added to a Sentinel incident were not ingested.

 

Currently using logic apps which seems to work OK but wondered if anyone else is using a different method?

 

 

1 Reply

hello @danielmasters 

I was looking at the settings again as an example of this video

https://www.youtube.com/watch?v=LEWqi98fv3o&ab_channel=ServiceNowCommunity

if you observe it has a delay of 2 minutes, or also open a ticket in microsoft/service now

if you liked it mark the answer with a like.
if you thought this answer helped in any way please mark it as best answer