4.0.1
Australia, Zurich, Yokohama
Standalone Application
The Microsoft Defender integration for ServiceNow Security Operations ingests alerts and incidents into the ServiceNow Security Incident Response (SIR) platform for centralized case management. Bi-directional synchronization keeps status and work notes aligned across both platforms, ensuring teams working in either system maintain consistent information without discrepancies.
This integration includes the following key features:
- Create flexible event‑forwarding profiles to ingest Microsoft Defender incidents into ServiceNow SIR.
- Ingest historical, ongoing, new, and updated notable events on configurable intervals.
- Filter out noisy or low‑value alerts and bring only actionable notable events into SIR.
- Map Microsoft Defender incident, alert, and event fields directly to SIR security incident fields.
- Bi-directional synchronization of status and work notes between Microsoft Defender and ServiceNow SIR.
Fixed:
- SIRs not being created from SIEM ingestion since the Yokohama upgrade, due to a "Secure Notes" access issue to the Crypto module.
- Access issues for Security Analyst on querying tables.
- Security fixes.
To install the integration, perform the following step:
- Install the Security Incident Response plugin.