10.4.8
Yokohama, Xanadu, Washington DC, Vancouver
The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface for connecting multiple security providers (both Microsoft's own and ServiceNow partners).
The Microsoft Graph Security Alert Ingestion integration allows you to automatically retrieve alerts from multiple security providers, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discovery of Microsoft Graph Security alerts that are candidates for security incidents, and automated creation of security incidents from them.
- Mapping of alert fields to security incident fields.
- Aggregation of similar alerts to existing open security incidents instead of creating duplicate security incidents.
- Validation of your mapping with a preview of the alert field values as they will appear in a security incident.
- Automatic alert status update for SIR incident creation and closure.
- Scheduled ingestion of alerts to create security incidents periodically.
- The dependency on the new UI is removed.
Minimum version of the ServiceNow platform:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges required to install them, raise a support ticket to have them installed.
- After installing the above, install the Event and Alert Ingestion for Security Operations (com.snc.secops.event_ingestion) plugin, which is dependent on the Security Incident Response plugin and the Security Incident Response UI.