Security Operations common functionality release notes ServiceNow® Security Operations Common product enhancements and updates in the Kingston release. Activation information Whenever any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated, the Security Support Common plugin is activated. This plugin loads various modules that provide functionality that is common across all Security Operations applications. New in the Kingston release User-Reported Phishing Allows security teams to automatically create security incidents from EML attachments that are forwarded to ServiceNow. Email search criteria are also generated based on observables that are parsed from the EML file. CI Identifier Rules Allows security administrators to configure the tables and fields within the CMDB that are used to look up existing Configuration Items when importing Vulnerable Items. Rules are extensible to accommodate attribution and data that may be unique to a customer environment.