Microsoft Security Response Center Spoke
Summary of Microsoft Security Response Center Spoke
The Microsoft Security Response Center (MSRC) Spoke enables ServiceNow customers to integrate the Microsoft Security Response Center API with their ServiceNow instances. This integration facilitates the investigation and management of security vulnerability reports related to Microsoft products and services, helping to manage security risks and maintain system protection.
The spoke requires an Integration Hub subscription and depends on several ServiceNow plugins. It is designed primarily for the MSRC API version 2020 but may support later versions.
Key Features
- Abuse Management: Automate submission of abuse reports to the Microsoft Computer Emergency Response Team via the Common Abuse Reporting System (CARS).
- Security Management: Retrieve detailed information about security updates by CVRF ID, get lists of all Microsoft security updates, or filter updates by ID, CVE, or year.
- AI Agents: Includes the Microsoft Security Response Center security manager AI agent, which can fetch security update details based on specific identifiers. AI agents can be incorporated into agentic workflows for automated and intelligent task execution. Customers can clone and customize these AI agents as needed.
- Connection Management: Utilizes Integration Hub aliases to manage connections and credentials efficiently across multiple environments, simplifying credential updates and maintenance.
Practical Benefits for ServiceNow Customers
- Streamlines investigation and response to Microsoft product security vulnerabilities directly within ServiceNow.
- Automates security update retrieval and abuse report submissions, reducing manual effort and improving response times.
- Leverages AI to enhance security management workflows with intelligent, customizable agents.
- Simplifies credential and connection management through Integration Hub aliases, enabling easier deployment across environments.
Requirements and Setup
- An active Integration Hub subscription is necessary to use this spoke.
- Ensure dependent plugins such as IntegrationHub Action Step - REST, Complex Object, and IntegrationHub Runtime are installed and properly licensed.
- Set up connection and credential aliases to securely manage authentication with the Microsoft Security Response Center API.
By implementing this spoke, ServiceNow customers can enhance their security operations with direct integration to Microsoft’s security vulnerability feeds and automate critical processes to maintain robust security postures.
Integrate the Microsoft Security Response Center API with your ServiceNow instance to investigate reports of security vulnerabilities affecting Microsoft products and services, and to gather the information needed to manage security risks and keep the system protected.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Integration Hub subscription
This spoke requires an Integration Hub subscription. For more information, see Legal schedules - IntegrationHub overview.
Spoke version
Microsoft Security Response Center spoke v1.3.0 is the latest version.
Supported versions
This spoke was built for Microsoft Security Response Center API version 2020, but may be compatible with later versions.
Spoke dependencies
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- Complex Object (com.glide.cobject)
- ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
Spoke actions
The Microsoft Security Response Center spoke provides actions to automate tasks when events occur in your ServiceNow instance. Available actions include:
| Category | Action | Description |
|---|---|---|
| Abuse Management | Submit Abuse Report | Submits a report to the Microsoft Computer Emergency Response Team using the Common Abuse Reporting System (CARS). |
| Security Management | Get Security Update Details | Retrieves information about the specific CVRF ID. |
| Security Management | Look up Security Updates | Retrieves the list of all Microsoft security updates. |
| Security Management | Look up Security Updates By Key | Retrieves the list of security updates based on the provided ID, CVE, or year. |
Available AI agents
Install Now Assist for Integration Hub and start using the available AI agents. For more information, see Now Assist for Integration Hub.
- In the ServiceNow agentic system, you can create an agentic workflow that comprises a set of large language model (LLM) instructions along with one or more standalone AI agents to execute an objective. See Create an agentic workflow for information about adding AI agents to create agentic workflows as per your requirement and provide the required trigger.
You can also search for other available AI agents and add them to your agentic workflow. See Find AI agents for more information.
- You can create a clone of the required spoke AI agent and customize it as per your requirement. See Duplicate an AI agent for more information about creating a clone.
- See Now Assist AI agents for information about AI agents.
The available AI agent is the Microsoft Security Response Center security manager. This AI agent retrieves details of the security updates based on the provided ID, CVE, or year.
- There might be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available on your instance, see Find AI agents.
- To find agents that might not be installed on your instance, visit the AI Agent Marketplace on the ServiceNow Store.
Connection and credential alias requirements
Integration Hub uses aliases to manage connection and credential information, and OAuth credentials. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using multiple environments. If the connection or credential information changes, you don't need to update any actions that use the connection.
For information about setting up the spoke, see Set up the Microsoft Security Response Center spoke.