After you identify the sources for scheduled alert ingestion, the next step is to map individual alert fields to the fields on a ServiceNow AI Platform SIR security incident.

For the mapping step, you must first ingest sample alerts from the Microsoft Azure tenant. Then you must ensure that all relevant alert field data is mapped to the appropriate place on the SIR incident form and then visualize the SIR incident in the preview section.