Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Security Incident Response release notes

Security Incident Response release notes

ServiceNow® Security Incident Response product enhancements and updates in the Kingston release.

Kingston upgrade information

Application administration is enabled for Security Incident Response by default. If you are upgrading from a version earlier than Jakarta, verify whether you have added custom tables to Security Incident Response. If so, and your custom tables rely on global ACLs, you may need to recreate those global ACLs in the Security Incident Response scope after the upgrade. If you added custom roles or custom ACLs, retest them after the upgrade and ensure the assignable by attribute on the roles is set correctly to allow access to application administration.

Activation information

Activate the Security Incident Response plugin and configure it based on the needs of your organization. This plugin is available as a separate subscription.

New in the Kingston release

Security Incident Response flow templates
Use Security Incident Response flow templates as is, or create new flows and actions using the Flow Designer.
Worknote filtering
Access new journal fields on a security incident that enable filtering on worknotes. These fields help distinguish between worknotes that were manually entered by analysts and those that result from automation and third-party integrations.

Changed in this release

  • Security Data Enrichment: The Security Data Enrichment related list in security incidents is hidden by default given that other related lists present the same information for security analysts.
  • Email Search Results: Results from an email search are summarized in a new Email Search Result record so you can easily compare counts.