Create an incident profile in your ServiceNow AI Platform instance and determine the Microsoft Azure Sentinel incidents that are suitable for creating security incidents.

Before you begin

Role required: sn_si.admin

About this task

The integration enables you to create different types of incidents, such as unauthorized access attempts and malware. These incidents are created based on the profiles that you configure in the ServiceNow AI Platform instance. All incidents are initially created for the incident type configured in a profile. You can then filter the created incidents further to specify which of them create security incidents.

All incidents that meet the selection criteria in your Microsoft Azure tenant, and are available over the Microsoft Azure Sentinel API, are initially ingested into your ServiceNow AI Platform instance.

Procedure

  1. Navigate to All > Microsoft Azure Sentinel Integration > Azure Sentinel Incident Profile.
  2. Click New.
  3. On the form, fill in the fields.
  4. To move to the Mapping section, click Continue.

What to do next

Map individual Microsoft Azure Sentinel incident fields to the fields on the ServiceNow AI Platform SIR security incident.