Security teams today are inundated with alerts and information from
a growing number of siloed point solutions. Furthermore, manual
processes and cross-team handoffs hinder the security team’s ability
to efficiently respond to attacks.
To help solve this challenge, ServiceNow® has developed an
integration to connect with different Microsoft security technologies
like Azure Sentinel, Microsoft Defender Advanced Threat Protection,
Azure Advanced Threat Protection, and more via Microsoft Graph. This
enables customers to bring rich insights from Azure Sentinel and other Microsoft
products into ServiceNow Security Operations. Customers can manage and
respond to security incidents centrally from within the Now Platform®.
Streamlining security incident creation
With this integration using the Microsoft Graph Security API,
security alerts will be ingested into ServiceNow Security Operations
to automatically create security incidents in ServiceNow Security
Alert Ingestion profiles ensure comprehensive mapping of details in
the alert to Security Incident artifacts and trigger playbooks in
ServiceNow to orchestrate triage, investigation and response actions.
This automation of responses to alerts enables quality and
consistency of security investigations and scales security incident teams.
By applying the power of the Now Platform® Configuration Management
Database (CMDB) to map threats, security incidents, and
vulnerabilities to business services and IT infrastructure,
ServiceNow Security Operations enables prioritization and risk scoring
based on business impact, allowing security teams to focus on what is
most critical to their business.
Using built-in workflows, ServiceNow routes incidents to the correct
personnel or response tools to contain, mitigate or remediate threats.
Post-incident reporting, customizable dashboards and metrics help
teams gain insights into process workings and drive continuous
improvement of the overall security profile.
The Microsoft Graph Security API is an intermediary service (or
broker) that provides a single programmatic interface to connect
multiple security providers (native to Microsoft as well as
ServiceNow Partners).
Microsoft Azure Sentinel is a scalable, cloud-native, security
information event management (SIEM) and security orchestration
automated response (SOAR) solution. Discover other Microsoft security
products included with this single integration with the Microsoft
Graph Security API.
Accelerating digital transformation for customers
Together, Microsoft and ServiceNow will accelerate digital
transformation for enterprise and government customers. We
announced a strategic partnership in July which will move
ServiceNow workloads to Microsoft Azure for highly regulated
industries. The strength of our relationship is felt by customers
today with more than 20 integrations available between Microsoft and
ServiceNow. Here is a sample of other recent integrations:
For more information on these and other integrations, visit ServiceNow’s Security
Operations Community blog posts and ServiceNow
store. For more information on the integration, click
here to join the discussion on ServiceNow Security Operations and
Microsoft Azure Sentinel.
© 2019 ServiceNow, Inc. All rights reserved.
Use of Forward‑Looking Statements
This blog contains “forward‑looking statements” regarding our
future plans and performance. Forward‑looking statements are subject
to known and unknown risks and uncertainties and are based on
potentially inaccurate assumptions that could cause actual results
to differ materially from those expected or implied by the
forward‑looking statements. If any such risks or uncertainties
materialize or if any of the assumptions prove incorrect, our
results could differ materially from the results expressed or
implied by the forward‑looking statements we make. Factors that may
cause actual results to differ materially from those in any
forward‑looking statements include: (i) the timing of the general
availability release of the beta integration, (ii) our ability to
integrate with the Microsoft security technologies described herein
and (iii) changes made to the beta integration prior to the general
availability release. We undertake no obligation, and do not intend,
to update these forward‑looking statements.