Create a detection profile for CrowdStrike Next-Gen SIEM

  • Release version: Xanadu
  • Updated June 30, 2025
  • 1 minute to read

    • Determine the CrowdStrike Next-Gen SIEM detections that are suitable for creating security incidents by creating a detection profile in your ServiceNow AI Platform instance.

    Before you begin

    Role required: sn_si.ingestion_profile_admin

    Note:
    Users with the sn_si.admin role can perform all operations available to a profile admin because the sn_si.admin role inherits the required permissions by default.

    Procedure

    1. Navigate to All > CrowdStrike Next-Gen SIEM > Detection Profile.
    2. Select New.
    3. On the form, fill in the fields.
      Table 1. CrowdStrike Next-Gen SIEM - Detection Ingestion Configuration form
      Field Description
      Name

      Name of the profile.

      This name is also the default name for the security tag associated with this profile.
      Active

      Option for making the profile active.

      When a profile is active, the ServiceNow AI Platform actively polls CrowdStrike Next-Gen SIEM detections and corresponding security detections are created in Security Incident Response when the filtering conditions are matched.
      Source CrowdStrike tenant that you configured to ingest detections. If you have multiple tenants configured, select the appropriate tenant for the detection types you are planning to ingest for the profile.
      Order Priority in which the profiles are executed when two or more profiles share triggering conditions. Priority values are usually provided as 100 (the default value), 200, 300, and so on.

      The profile with the lowest number has the highest priority.
      Description Optional description of the profile.
    4. Select Update .

      The initial detection profile is created with basic information. Saving the profile at this point enables you to continue with defining the profile in case you are interrupted.

    5. Optional: Continue with the profile definition process immediately.
      1. On the CrowdStrike-Nextgen Detection Profiles page, select the profile you just created.
      2. In the progress bar, select Correlation Rules.

    What to do next

    Set correlation rules for CrowdStrike Next-Gen SIEM integration