Threat Intelligence release notes

ServiceNow® Threat Intelligence enhancements and updates in the Istanbul release.

Activation information

Activate the Threat Intelligence plugin and configure it based on the needs of your organization. This plugin is available as a separate subscription.

New in the Istanbul release

Automated Threat Intelligence lookups
When observables are added to a security incident record, you can automatically check whether they are malicious, expediting time to response and remediation.
Expose IoC metadata
When viewing an IoC, if the Notes field contains valid JSON key/value pairs, they are parsed and displayed.
Complete IoC lookup with multiple tools
You can submit IoC lookups using multiple scanning tools, such as VirusTotal and Metadefender.
Receive notification email when IoC lookup is completed
After lookups have completed, an email notification is sent to the requestor if that person has notifications enabled. The content of the email depends on the type of lookup being performed.
Threat Intelligence Orchestration
With Threat Intelligence activities,users can determine whether a threat has been seen before in other security incidents or on other systems using workflow and orchestration.

Changed in this release

  • VirusTotal Integration: The VirusTotal integration has been removed from the Threat Intelligence application and is now a separate plugin so it can be installed and configured in the same manner as all other integrations.
  • The VirusTotal API Key [sn_ti_virustotal.api_key] property has been removed from Threat Intelligence properties and is now available from Security Operations > Integration Configuration.