Chapter 12: ServiceNow Integration
As you have read so far, Azure Sentinel is a powerful solution for gathering logs and threat intelligence, and for discovering threats across your entire environment. However, this is only part of the solution required to run a Security Operations Center (SOC). When a security alert is raised in Azure Sentinel, the SOC may need assistance from several other teams in order to investigate the issue, mitigate the threat, and remediate any impact caused.
In order to coordinate these activities, organizations utilize a service management platform, such as ServiceNow, to create cases and track the progress being made by each team. While this chapter is focused on the specifics of using the ServiceNow platform, the ...