Security Operations common functionality release notes

ServiceNow® Security Operations Common product enhancements and updates in the Kingston release.

Activation information

Whenever any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated, the Security Support Common plugin is activated. This plugin loads various modules that provide functionality that is common across all Security Operations applications.

New in the Kingston release

User-Reported Phishing
Allows security teams to automatically create security incidents from EML attachments that are forwarded to ServiceNow. Email search criteria are also generated based on observables that are parsed from the EML file.
CI Identifier Rules
Allows security administrators to configure the tables and fields within the CMDB that are used to look up existing Configuration Items when importing Vulnerable Items. Rules are extensible to accommodate attribution and data that may be unique to a customer environment.