Security Incident Response integrations

The base system includes a series of "cards" for each of the integration implementations you can activate and use. Also, cards are displayed for any integrations posted on the ServiceNow Store that have dependencies on Security Operations plugins. The integration cards can be viewed by selecting Security Operations > Integration Configurations.

You can filter the visible integrations using the Category drop-down menu. The Show Configurations drop-down menu lets you see multiple instances of implementations that allow their creation.

Integration cards display different buttons depending on the current state of the integration and the source of the card.

Button	Description
Install Plugin	Click this button to install the applicable plugin to activate the integration. After the plugin is installed, the button changes to Configure.
Configure	Click this button to enter information for configuring the integration. For some integrations, you may need to enter API keys or URLs acquired from the website of the third-party integration.
New	Certain integrations, such as Carbon Black and IBM QRadar, allow you to define multiple implementations of the same integration. For those integrations, click New after the plugin is activated. The cards allow you to install plugins (where applicable) and configure the implementations for use.
Open Page	In the base system, your instance performs a query to the ServiceNow Store for any applications that have dependencies on Security Operations plugins. When those applications are found, and the associated application plugins are activated, integration cards for them are displayed with the other security integration cards. Click Open Page to access the website of the third-party application to configure the integration. After you have completed the configuration, the Open Page button changes to Configure.