Your organization uses Microsoft Sentinel. You need to configure a playbook that automatically responds to incidents by creating a support ticket in ServiceNow. Which connector should you use?
Provides native integration for creating tickets.
Why this answer
The ServiceNow connector is the correct choice because it provides a direct, pre-built integration between Microsoft Sentinel and ServiceNow, enabling automated creation of incidents or tickets in ServiceNow when a Sentinel incident is triggered. This connector uses the ServiceNow REST API to map Sentinel fields to ServiceNow ticket fields, eliminating the need for custom HTTP calls or additional middleware.
Exam trap
The trap here is that candidates may choose the HTTP connector thinking it is more flexible, but the ServiceNow connector is the purpose-built, supported solution that handles authentication and field mapping natively, making it the correct choice for this specific integration.
How to eliminate wrong answers
Option A is wrong because the HTTP connector is a generic connector that requires manual configuration of endpoints, authentication, and payload formatting, which is more complex and error-prone than using a dedicated ServiceNow connector. Option C is wrong because the Azure Monitor connector is designed to send data from Azure Monitor to other systems, not to create tickets in ServiceNow from Sentinel incidents. Option D is wrong because the Office 365 Outlook connector is used for email-based actions (e.g., sending notifications) and does not support direct integration with ServiceNow's ticketing system.