3
1.0.0
Zurich, Yokohama, Xanadu
Integration
SOCRadar Integration automatically imports threat intelligence alarms from SOCRadar into ServiceNow incidents. It provides bidirectional synchronization for status, comments, and severity between both platforms. Security teams can manage SOCRadar alarms directly within their existing ITSM workflows without leaving ServiceNow.
Key features:
- Automated alarm import via scheduled job (every 5 minutes)
- Bidirectional status sync (ServiceNow state changes reflect in SOCRadar)
- Comment sync (work notes sent to SOCRadar as comments)
- Severity sync (priority changes update SOCRadar alarm severity)
- Configuration page for API setup, connection testing, and import management
- Dashboard with 5 widgets for alarm visibility
- No custom tables — lightweight, zero impact on table entitlements
- Integration with SOCRadar Incidentv4 API
- Automatic creation of Incidents from SOCRadar Alarms
- Bi-directional status synchronization
- Configurable severity mapping
Version 1.0.0
- Initial release of SOCRadar ServiceNow Integration
- Alarm ingestion via REST API
- Automatic Incident creation
- Status update synchronization
- ServiceNow instance (Washington DC or later recommended)
- Active SOCRadar subscription
- Valid SOCRadar API Key and Company ID
- Outbound internet access to SOCRadar API endpoint
- Integration user with appropriate roles:
  - x_socradar.integration_admin (custom role)
  - itil (for incident creation)
- Network firewall allowance for SOCRadar API endpoint
- API rate limit awareness