Get started with CrowdStrike Next-Gen SIEM integration

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Activate and set up the CrowdStrike Next-Gen SIEM integration for Security Operation plug-in to interface with your ServiceNow AI Platform instance and Security Incident Response product.

    Before you can use the CrowdStrike Next-Gen SIEM integration, you must download it from the ServiceNow Store.

    Review the following setup checklist and verify that you’ve completed all the tasks for a smooth integration.
    Table 1. Checklist
    Setup task Description
    Assign and verify the required ServiceNow AI Platform and Security Incident Response roles. The following roles are required for configuration and verification of the expected results:
    • The admin role installs the integration from the ServiceNow Store and assigns the sn_si.ingestion_profile_admin and sn_si.analyst roles.
    • The sn_si.ingestion_profile_admin role performs the following tasks:
      • Configures the integration.
      • Creates detection profiles.
      • Maps the CrowdStrike Next-Gen SIEM detection data fields to the security incident fields.
      • Schedules on-going detection ingestion.
      • Enables detection updates when a Security Incident Response detection is created or closed.
    Assign the CrowdStrike required roles. The following roles are required in CrowdStrike to register and configure your application:
    • Application developer for registering the application.
    • Tenant administrator for giving permissions to the application by calling the admin consent endpoint.
    Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you configure this integration. The Security Incident Response plugin (com.snc.security_incident) is required. This plugin automatically installs all the dependencies that are required to support the Security Incident Response product. Install and activate this plugin before you install and activate the other Security Operations applications that are required by the integration.
    Install and configure Install and configure the CrowdStrike Next-Gen SIEM integration for Security Operations application from the ServiceNow Store on your ServiceNow AI Platform instance.