Mapping of alert fields for Microsoft Graph Security API alert ingestion integration
- Updated Jan 30, 2025
- Yokohama
- Security Incident Response integrations
After you identify the sources for scheduled alert ingestion, the next step is to map individual alert fields to the fields on a ServiceNow AI Platform SIR security incident.
For the mapping step, you must first ingest sample alerts from the Microsoft Azure tenant. Then you must ensure that all relevant alert field data is mapped to the appropriate place on the SIR incident form, and then visualize the SIR incident in the preview section.
Mapping of the sample alert fields involves the following: