Our website uses cookies to enhance your browsing experience.


How to Integrate CrowdStrike with ServiceNow


CrowdStrike has crafted a highly extensible platform that allows customers and partners alike to leverage APIs with other existing security solutions products. In this video and article, we will take a look at our integration with the ServiceNow platform.


Getting Started

Before setting up the integration in your ServiceNow instance, there are a few prerequisite steps. 

  1. Contact the CrowdStrike support team at support@crowdstrike.com to request the enablement of your legacy Query API credentials. 
  2. Visit the ServiceNow Store to view more info on the integration as well as download a user guide. 
    1. CrowdStrike Falcon Endpoint: Link
    2. CrowdStrike Falcon Endpoint for Security Operations: Link
  3. Have an administrator of your instance install the Application(s).

Once the app is installed, enter the API information in the ‘Configurations’ section found by searching CrowdStrike in the Navigator. Configurations allow you to select several options such as incident creation and assignment groups.


How can customers use CrowdStrike event data within the ServiceNow interface?

Once you have installed and configured the ServiceNow integration, you will begin to receive a feed that will populate the “Detections” module within the CrowdStrike application. This allows you to view new threats at a glance. 

servicenow detections


You will be able to click into a detection to view more information about it, such as its severity and relevant metadata surrounding the event.

servicenow detection details

Interfacing with ITSM and Security Operation Modules

Depending on your configuration, the application is able to create ITSM and Security Incidents within the platform. This is customizable based on which modules you have installed as well as a severity threshold you select for new incident creation. This allows your security responders to easily integrate Falcon detections into their existing workflows.

servicenow incidents




CrowdStrike’s ServiceNow integration heightens the usability of Falcon event data allowing your incidents responders to quickly identify and complete remediation of threats on your endpoints. Our API first approach makes it possible for you to leverage the CrowdStrike event data as needed to optimize your workflows and maximize the efforts of your overworked security staff.

More resources

Content provided by Dixon Styres

CrowdStrike Falcon Free Trial

Try CrowdStrike Free for 15 Days Get Started with A Free Trial