Connect ServiceNow ITSM to Defender for Cloud

Connect Microsoft Defender for Cloud to ServiceNow’s IT Service Management (ITSM) module to improve incident management and remediation. The integration lets you create and track ServiceNow tickets that are linked to Defender for Cloud security recommendations, helping your teams respond efficiently to issues across Azure, hybrid, and multicloud environments.

This article shows how to connect your ServiceNow account to Defender for Cloud.

Prerequisites

Before you connect ServiceNow to Defender for Cloud, make sure you:

• Have an application registry in ServiceNow to generate a client ID and secret for authentication.

• Enable Defender Cloud Security Posture Management (CSPM) on your Azure subscription.

• Have of the following Azure role:

  • Security Admin
  • Contributor
  • Owner

Connect a ServiceNow account to Defender for Cloud

To connect a ServiceNow account to a Defender for Cloud account:

1. Sign in to the Azure portal.

2. Navigate to Microsoft Defender for Cloud > Environment settings.

3. Select Integrations.

   

4. Select Add integration > ServiceNow.

   

5. Enter a name, select the scope, enter the instance URL, User name, Password, Client ID, and client secret that you created for the application registry in the ServiceNow portal.

6. Select Next.

7. Select which fields to include for the Incident, Problem, and Change tables using the drop-down menus.

   

8. Select Save.

You'll see a confirmation notice after the integration is created.

Next steps

• Create a ticket in Defender for Cloud

• Automate ticket creation using governance rules