Security Incident Response release notes ServiceNow® Security Incident Response application enhancements and updates in the Helsinki platform release. Activation informationAn administrator can activate the Security Incident Response (com.snc.security_incident) plugin. Browser requirements See Generally supported browsers. New in the Helsinki platform release Dashboards for CISO and Security Manager Chief security officers and security managers can view dashboards that target specific security metrics based on criticality, service impact, or SLAs related to their roles. Affected users added to security incidents Often, security incidents can be targeted at users or groups, as opposed to CIs. Multiple incidents for the same affected user can be an indication of a greater problem. Business Criticality calculator The business criticality calculator uses an aggregate of other severity calculators to calculate the potential impact on your business that is posed by a security incident or vulnerability. Generic transform map Data sources, such as Splunk, provide additional information that is not part of the base system table definition. When new fields are exposed in the Security Incident table, those fields are auto-populated without needing to modify the import definition. Splunk integration Integration with Splunk via a Splunkbase application lets security analysts and responders create events or incidents in Security Incident Response. This function enables teams to collaborate on the downstream response to an incident while tracking all the runbook responses and hand-offs in ServiceNow Security Operations. ServiceNow Security Operations for Splunk is available at https://splunkbase.splunk.com/. Changed in this release Administrator lockdown on by default: The administrator lockout feature is enabled by default. A security role is required to access security features and records. Role change: sn_si.agent has been changed to sn_si.analyst. Performance Analytics plugin: Performance Analytics functionality has been split into its own plugin, because Performance Analytics dashboards require separate licensing. Post-incident review is automatically generated: When the post incident review (PIR) reaches the Review state, the report is automatically generated. When a security assessment is taken, the report is generated again. UI simplifications: New menu items are tailored for Security Analysts. Additional entries were added to integrate with common-used filters. Menu entries are role-sensitive so that users with different roles are presented with tailored, optimized navigation menus.