Security Operations Common Functionality release notes

ServiceNow® Security Operations Common enhancements and updates in the Istanbul release.

New in the Istanbul release

Email parsing
You can use the Email Parsing module to generate new Security Operations records from an external detection system. This feature provides integration of information from external malware detection, vulnerability detection, firewalls, threat intelligence, and other external sources.
Duplication rules
You can manage duplicate emails in security incidents, vulnerabilities, IoCs, and other Security Operations records.
Filter groups
You can use filter groups to locate records from any table on your instance. You can also filter CIs that have similar vulnerabilities or that fall within a particular subnet IP address range.
You can create an escalation path for security incidents. Once an escalation group exists, a button appears on any security incident in that group.
Enrichment data mapping
Enrichment data maps allow you to transform data from JSON and XML format into ServiceNow records. Transforming data from third-party tools into a normalized format lets security teams more easily analyze the relevant data coming from these sources, and provides context when working an incident to expedite the time to response and remediation.
Field mapping
Security Operations tables can be mapped to one another. For example, you can link a security incident to a customer service case using field mapping.
Workflow triggers
You can create a workflow trigger that contains conditions on one or more tables. If the conditions are met, all workflows attached to the workflow trigger record run.
Orchestration runtime
Security Operations Orchestration saves time by eliminating manual processes and obtaining contextual information to remediate incidents. Each Security Operations product has standard activity packs and workflows that are included and activated in each of the plugins.

Changed in this release

  • The "Qualys Knowledge Base - number of days worth of data to retrieve from Qualys server per API request" [sn_vul_qualys.kb.max_delta_days] and "Qualys Knowledge Base - max QIDs to pull in a single API request when backfilling vulnerability data" [sn_vul_qualys.kb.max_backfill_page_size] properties have been removed from Qualys Cloud Platform properties and are now available from Security Operations > Integration Configuration. They have been renamed:
    • Number of days of knowledge base data to retrieve per API request
    • Max number of QIDs to pull per API request when backfilling vulnerability data