This app integrates Microsoft Sentinel with ServiceNow, so that companies can manage their security incidents from their preferred platform and keep both sides in sync.
This integration includes the following key features:
- Retrieve Microsoft Sentinel incidents and automatically create the corresponding incidents in ServiceNow.
- Bi-directional sync of status, severity, owner, comments/work notes, entities and alerts.
- Alert and entity details are added to work notes to improve the analyst experience.
- Filtering of Microsoft Sentinel incidents based on tags or custom filters.
- Support for multiple workspaces, each with its own incident filters.
- Support for any incident custom table and for custom status or severity fields.
1. Bug fixes and additional logging.
2. Microsoft Sentinel API version updated from "2021-04-01" to "2024-03-01".
3. When incidents originating from Microsoft Defender XDR are closed, Sentinel adds a "Redirected" tag to the Sentinel incident. These incidents were previously missed and were not closed on the ServiceNow side; this release adds support for closing them.
4. Added support for MITRE ATT&CK technique names. The Sentinel API sends only the technique ID as the Techniques value (for example T1110) and not its name, so the ServiceNow AppUtils script include now resolves the name and the incident description in ServiceNow shows the technique as "T1110 - Brute Force". Sentinel uses MITRE ATT&CK version 13.1 for tactics and techniques. Sub-techniques are not supported in this release.
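The technique-name expansion described in item 4, as an added example that is not the app's own AppUtils script include. It assumes the Sentinel incident's `additionalData.techniques` value is an array of strings, uses a constructed five-entry subset of the ATT&CK technique table in place of the full v13.1 list, and makes its own choice for the unsupported sub-technique case (folding "T1110.001" to its parent "T1110" and reporting it). It is written in ES5 style so it runs both in Node and in a ServiceNow script include.

```javascript
// Added example (not the app's AppUtils script include): expand MITRE ATT&CK
// technique IDs as Sentinel sends them ("T1110") into "T1110 - Brute Force".
// ES5 style on purpose so it would also run in a ServiceNow script include.

// Constructed subset of ATT&CK technique names; the real app would carry
// the full v13.1 technique list.
var TECHNIQUE_NAMES = {
  'T1110': 'Brute Force',
  'T1078': 'Valid Accounts',
  'T1566': 'Phishing',
  'T1059': 'Command and Scripting Interpreter',
  'T1021': 'Remote Services'
};

// T1234 or T1234.001 (sub-technique).
var TECHNIQUE_ID = /^T(\d{4})(?:\.(\d{3}))?$/;

// Normalise one raw value; returns null if it is not an ATT&CK technique ID.
// Sub-technique IDs are folded to their parent because sub-techniques are not
// supported (assumption: this is this example's handling, not the app's).
function parseTechniqueId(raw) {
  if (typeof raw !== 'string') return null;
  var m = TECHNIQUE_ID.exec(raw.trim().toUpperCase());
  if (!m) return null;
  return { id: 'T' + m[1], subTechnique: !!m[2] };
}

// Render one ID as "T1110 - Brute Force", falling back to the bare ID when the
// technique is not in the table (e.g. a newer ATT&CK version than the app ships).
function techniqueText(id) {
  var name = TECHNIQUE_NAMES[id];
  return name ? id + ' - ' + name : id;
}

// Take the `techniques` array from a Sentinel incident's additionalData
// (assumed shape: array of strings) and build the description line.
// Returns { text, unknown, folded } so the caller can log what was not mapped.
function formatTechniques(techniques) {
  var seen = {}, lines = [], unknown = [], folded = [];
  if (!Array.isArray(techniques)) techniques = [];
  for (var i = 0; i < techniques.length; i++) {
    var parsed = parseTechniqueId(techniques[i]);
    if (!parsed) { unknown.push(String(techniques[i])); continue; }
    if (parsed.subTechnique) folded.push(String(techniques[i]).trim());
    if (seen[parsed.id]) continue;   // de-duplicate after folding
    seen[parsed.id] = true;
    lines.push(techniqueText(parsed.id));
  }
  return {
    text: lines.length ? 'Techniques: ' + lines.join(', ') : 'Techniques: none',
    unknown: unknown,
    folded: folded
  };
}

// Constructed sample of what the Sentinel API might return for one incident.
var sampleIncident = {
  properties: {
    additionalData: {
      tactics: ['CredentialAccess', 'InitialAccess'],
      techniques: ['T1110', 't1110.001', 'T1078', 'T1486', 'not-a-technique']
    }
  }
};

if (typeof require !== 'undefined' && require.main === module) {
  var r = formatTechniques(sampleIncident.properties.additionalData.techniques);
  console.log(r.text);
  console.log('unmapped:', r.unknown, 'sub-techniques folded:', r.folded);
}
```

Two checks worth keeping when adapting this: unknown IDs are kept in the description as bare IDs rather than dropped, so an incident tagged with a technique newer than the shipped table still carries the ID, and the `unknown`/`folded` lists give the integration something to write to its log (item 1 above mentions additional logging) instead of silently discarding values.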
The minimum supported ServiceNow platform release is Paris; Quebec is also supported.