4.0.0
Australia, Zurich, Yokohama
Standalone Application
The Microsoft Defender integration for ServiceNow Security Operations ingests alerts and incidents into the ServiceNow Security Incident Response (SIR) platform for centralized case management. Bi-directional synchronization keeps status and work notes aligned across both platforms, ensuring teams working in either system maintain consistent information without discrepancies.
This integration includes the following key features:
- Create flexible event‑forwarding profiles to ingest Microsoft Defender incidents into ServiceNow SIR.
- Ingest historical, ongoing, new, and updated notable events on configurable intervals.
- Filter out noisy or low‑value alerts and bring only actionable notable events into SIR.
- Map Microsoft Defender incident, alert, and event fields directly to SIR security incident fields.
- Bi-directional synchronization of status and work notes between Microsoft Defender and ServiceNow SIR.
New:
- The Microsoft Defender integration allows you to automatically retrieve incidents from Microsoft Defender, convert them into security incidents, and enable automated response actions.
To install the integration, perform the following step:
- Install the Security Incident Response plugin.