SOAR and IT ticketing systems have some superficial similarities—they both take in alerts and assign them to personnel for handling—but their capabilities and the ways they are used are largely distinct. D3’s integrations with ServiceNow’s ITSM module enable SOC and IT teams to leverage both solutions for collaboration, escalation, and orchestration of important security tasks.
In order to enable stronger security processes without completely reconfiguring their IT infrastructure, ServiceNow users can escalate tickets to create incidents in D3 when the ticket requires investigation by the SOC team. D3 can ingest ticket information including the assignee, description, priority, and comments, which might include threat intelligence that was added in ServiceNow. ServiceNow has its own script-running platforms, which allow it to trigger actions via D3’s RESTful API.
In organizations where the IT team uses ServiceNow and the SOC team uses D3, D3 can send tickets to ServiceNow to assign IT-related security tasks. These might include blocking an IP, quarantining an endpoint, scheduling a patch, or scheduling a vulnerability scan. The D3 user can set the fields they wish to populate in the ServiceNow ticket, such as the ticket number, priority, IP address, endpoint info, and the assigned user or team. The integration is bidirectional, allowing ServiceNow users to update the incident in D3, for example by resolving the incident when the ticket is closed.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.