Install and configure

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Install and configure the CrowdStrike Next-Gen SIEM integration for Security Operations application from the ServiceNow Store on your ServiceNow AI Platform instance.

    Before you begin

    Role required: sn_si.ingestion_profile_admin

    Minimum scopes needed to configure CrowdStrike Next-Gen SIEM in ServiceNow® instance include:

    Action Scope Needed
    Fetch Detections Alerts- Read
    Update Comments/State Alerts- Write
    Create Search Query Job NGSIEM- Write
    Fetch Search Query Job NGSIEM- Read
    Fetch Correlation Rules Correlation Rules- Read

    Procedure

    1. Download the CrowdStrike Next-Gen SIEM integration from the ServiceNow Store and install it.
      For more information, see Download an application from the ServiceNow Store for the first time
    2. Navigate to Security Operations > Integrations > Integration Configurations.
    3. Search for the CrowdStrike Next-Gen SIEM integration tile, and select Configure.
    4. On the form, fill in the fields.
      Table 1. CrowdStrike Next-Gen SIEM integration form
      Field Description
      Name

      Name of the CrowdStrike Next-Gen SIEM integration.
      Client ID

      The client ID that you obtain from the settings section of your account profile in the CrowdStrike portal.
      Client Secret

      The client secret key that you obtain from the settings section of your account profile in the CrowdStrike portal.
      Region Data center to pull data from. Specify the Region: US-1, US-2, EU-1, US-GOV-1, US-GOV-2

      By default, the field is set to US-1
    5. Select Submit.
      The configured integration tile displays.

    What to do next

    Create a detection profile