Merge pull request #268075 from ElazarK/ms-servicenow

servicenow added

Author: v-dirichards

articles/defender-for-cloud/TOC.yml

@@ -213,13 +213,22 @@
         href: permissions-management.md
       - name: Agentless machine scanning
         href: concept-agentless-data-collection.md
-      - name: Supported resource types for multicloud in Foundational CSPM
-        href: multicloud-resource-types-support-foundational-cspm.md  
       - name: Integrations
         items:  
-        - name: ServiceNow integration
-          displayName: CSPM, cloud security, posture, management, ServiceNow
-          href: integration-servicenow.md
+        - name: ServiceNow
+          items:
+          - name: ServiceNow integration with Defender for Cloud
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: integration-servicenow.md
+          - name: Connect ServiceNow to Defender for Cloud
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: connect-servicenow.md
+          - name: Create a ticket in Defender for Cloud 
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: create-ticket-servicenow.md
+          - name: Create automatic tickets with governance rules
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: create-governance-rule-servicenow.md
       - name: Common questions 
         displayName: questions, common, CSPM, agentless scanning, faq, frequently asked questions
         href: faq-cspm.yml
@@ -638,6 +647,9 @@
       - name: Kubernetes data plane hardening
         displayName: k8s, containers, aks
         href: kubernetes-workload-protections.md
+      - name: Vulnerability assessment for Azure powered by Qualys (Deprecated)
+        displayName: ACR, registry, images, qualys
+        href: defender-for-containers-vulnerability-assessment-azure.md
       - name: Defender for Kubernetes (deprecated)
         displayName: clusters, k8s, aks
         href: defender-for-kubernetes-introduction.md

articles/defender-for-cloud/connect-servicenow.md

@@ -0,0 +1,58 @@
+---
+title: Connect ServiceNow to Defender for Cloud
+description: Learn how to connect ServiceNow with Microsoft Defender for Cloud to protect Azure, hybrid, and multicloud machines.
+author: dcurwin
+ms.author: dacurwin
+ms.topic: how-to
+ms.date: 03/11/2024
+ai-usage: ai-assisted
+#customer intent: As a user, I want to learn how to connect my ServiceNow account with Microsoft Defender for Cloud so that I can protect my Azure, hybrid, and multicloud machines.
+---
+
+# Connect ServiceNow to Defender for Cloud
+
+Microsoft Defender for Cloud's integration with ServiceNow allows customers to connect their Defender for Cloud accounts to ServiceNow. ServiceNow is a powerful workflow automation and enterprise solution that helps organizations streamline and automate routine tasks, improving operational efficiencies and increasing productivity. By integrating ServiceNow with Defender for Cloud, customers can prioritize the remediation of recommendations that affect their business. This integration allows you to create and view ServiceNow tickets linked to recommendations directly from Defender for Cloud, which facilitates efficient incident management.
+
+## Prerequisites
+
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+
+- Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
+
+- The following roles are required:
+    - To create the integration: Security Admin, Contributor, or Owner.
+
+## Connect ServiceNow to Defender for Cloud
+
+To connect a ServiceNow account to a Defender for Cloud account:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+
+1. Select **ServiceNow**.
+
+   :::image type="content" border="true" source="./media/connect-servicenow/integrations.png" alt-text="Screenshot of environment settings page that shows where to select the ServiceNow option.":::
+
+1. Select **Add integration** > **ServiceNow**.
+
+   :::image type="content" border="true" source="./media/connect-servicenow/add-servicenow.png" alt-text="Screenshot that shows where the add integration button is and the ServiceNow option." lightbox="media/connect-servicenow/add-servicenow.png":::
+
+1. Enter a name and select the scope.
+
+1. In the ServiceNow connection details, enter the instance URL, name, password, client ID, and client secret that you [created for the application registry](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html) in the ServiceNow portal.
+
+1. Select **Next**.
+
+1. Select Incident data, Problems data, and Changes table from the drop-down menus.
+
+   :::image type="content" border="true" source="./media/connect-servicenow/customize-fields.png" alt-text="Screenshot that shows the custom option selected and the accompanying fields you can enter information into.":::
+
+1. Select **Save**.
+
+A notice appears after successful creation of integration.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Create a ticket in Defender for Cloud](create-ticket-servicenow.md)

articles/defender-for-cloud/create-governance-rule-servicenow.md

@@ -0,0 +1,68 @@
+---
+title: Create automatic tickets with governance rules
+description: Learn how to create a governance rule in Defender for Cloud that connects recommendations or severity levels to a specific owner.
+author: Elazark
+ms.author: elkrieger
+ms.topic: how-to
+ms.date: 03/11/2024
+ai-usage: ai-assisted
+#customer intent: As a user, I want to learn how to create automatic tickets using governance rules in Defender for Cloud that automatically assigns an owner to specific recommendation or a recommendation with a severity level in Defender for Cloud to my my ServiceNow account.
+---
+
+# Create automatic tickets with governance rules
+
+The integration of SeviceNow and Defender for Cloud allow you to create governance rules that automatically open tickets in SeviceNow for specific recommendations or severity levels. ServiceNow tickets can be created, viewed, and linked to recommendations directly from Defender for Cloud, enabling seamless collaboration between the two platforms and facilitating efficient incident management.
+
+## Prerequisites
+
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+
+- Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
+
+- The following roles are required:
+    - To create an assignment:  Admin permissions to ServiceNow.
+
+## Assign an owner with a governance rule
+
+You can create a rule to automatically assign an owner to a recommendation in Defender for Cloud. This rule is based on the recommendation's severity or recommendation.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+
+1. Select **Governance rules**.
+
+   :::image type="content" border="true" source="./media/integration-servicenow/governance-rules.png" alt-text="Screenshot of the environment settings page that shows where the governance rules button is located.":::
+
+1. Select **Create governance rule**.
+
+1. Enter a rule name and select a scope.
+
+1. Select **ServiceNow** In the Type field.
+
+1. Enter a priority.
+
+1. Select and integration instance.
+
+1. Select a ServiceNow ticket type.
+
+1. Select **Next**.
+
+1. Select either:
+    - **By Severity** and the severity level.
+    - **By recommendation** and the recommendation.
+
+1. Select an owner.
+
+1. Select a remediation timeframe.
+
+1. (Optional) Toggle the switch to apply a grace period.
+
+1. (Optional) Set email notifications.
+
+1. Select **Create**.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Common questions about cloud security posture management (CSPM)](faq-cspm.yml).

articles/defender-for-cloud/create-ticket-servicenow.md

@@ -0,0 +1,75 @@
+---
+title: Create a ticket in Defender for Cloud 
+description: Learn how to create a ticket in Defender for Cloud that connects and synchronizes with your ServiceNow account.
+author: dcurwin
+ms.author: dacurwin
+ms.topic: how-to
+ms.date: 03/11/2024
+ai-usage: ai-assisted
+#customer intent: As a user, I want to learn how to Create a ticket in Defender for Cloud for my ServiceNow account.
+---
+
+# Create a ticket in Defender for Cloud 
+
+The integration between Defender for Cloud and ServiceNow allows Defender for Cloud customers to create tickets in Defender for Cloud that connects to a ServiceNow account. ServiceNow tickets are linked to recommendations directly from Defender for Cloud, allowing the two platforms to facilitate efficient incident management.
+
+## Prerequisites
+
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+
+- Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
+
+- The following roles are required:
+    - To create an assignment:  Admin permissions to ServiceNow.
+
+## Create a new ticket based on a recommendation to ServiceNow
+
+Security admins can create and assign tickets directly from the Defender for Cloud portal.
+
+1. Sign in to [the Azure portal](https://aka.ms/integrations).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Recommendations**.
+
+1. Select any recommendation with unhealthy resources that you want to create a ServiceNow ticket for and assign an owner to.
+
+1. Select the resource from the unhealthy resources and select **Assign owner**.
+
+   :::image type="content" border="true" source="./media/create-ticket-servicenow/create-assignment.png" alt-text="Screenshot of how to create an assignment." lightbox="media/create-ticket-servicenow/create-assignment.png":::
+
+1. In the Type field, select **ServiceNow**
+
+    :::image type="content" source="media/create-ticket-servicenow/type-servicenow.png" alt-text="Screenshot that shows the create assignment window and the type field where you select ServiceNow.":::
+
+1. Select the integration instance.
+
+1. Select the ticket type.
+
+   > [!NOTE]
+   > In ServiceNow, there are several types of tickets that can be used to manage and track different types of incidents, requests, and tasks. Only incident, change request, and problem are supported with this integration.
+
+   :::image type="content" border="true" source="./media/create-ticket-servicenow/assignment-type.png" alt-text="Screenshot of how to complete the assignment type.":::
+
+1. Expand the assignment details section.
+
+1. Complete the following fields:
+
+   - **Assigned to**: Choose the owner whom you would like to assign the affected recommendation to.
+   - **Caller**: Represents the user defining the assignment.
+   - **Description and Short Description**: Enter a description, and short description.
+   - **Remediation timeframe**: Select the remediation timeframe.
+   - **Apply Grace Period**: (Optional) apply a grace period.
+   - **Set Email Notifications**: (Optional) You can send a reminder to the owners or the owner’s direct manager.
+
+      :::image type="content" border="true" source="./media/create-ticket-servicenow/assignment-details.png" alt-text="Screenshot of how to complete the assignment details.":::
+
+1. Select **Create**.
+
+After the assignment is created, the Ticket ID assigned to this affected resource will appear next to the resource in the recommendation. The Ticket ID represents the ticket created in the ServiceNow portal. You can select the Ticket ID to navigate to the newly created incident in the ServiceNow portal.
+
+> [!NOTE]
+> When the integration is deleted, all of the assignments will be deleted. Deletion can take up to 24 hrs.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Assign an owner to a recommendation or severity level](create-governance-rule-servicenow.md)