Threat Intelligence Security Center release notes
The ServiceNow® Threat Intelligence Security Center (TISC) application empowers your organization to connect security and IT teams so you can respond faster and more efficiently to threats.
Threat Intelligence Security Center highlights for the Xanadu release
- Visualize node connections between entities like observables, IOCs, and threat actors, and link cases or canvases to enrich analysis.
- Enable continuous monitoring and real-time alerts based on intelligence from TISC with CrowdStrike Falcon EDR integration.
- Block malicious IPs, URLs, and domains using External Dynamic List (EDL) capabilities with Threat Intelligence data and Palo Alto Networks integration.
- Manage the analyst actions through automation flows.
- Conduct research on threats to support the reactive and proactive needs of security teams.
- Create and track threat investigations using Case Management.
See Threat Intelligence Security Center for more information.
New in the Xanadu release
- All observables, indicators, and entities now supports MITRE technique associations.
- Roll up of MITRE technique associations
- MITRE techniques can now be rolled up from artifacts at a case level both manually and automatically.
- Palo Alto Networks integration
- Integration with Palo Alto is now available to manage External Dynamic Lists (EDLs) directly from TISC.
- CrowdStrike Falcon EDR integration
- Integration with CrowdStrike Falcon EDR is now available for continuous monitoring and real-time alerting based on TISC intelligence.
- Working with Investigation Canvases
- Introduced a new Investigation Canvas for deeper and interactive case analysis.
- View details in Relationship Graph
- Enhanced the user experience on relationship visualizations.
- Bulk import Taxonomies
- Supports bulk taxonomy values upload.
- TISC API References
- Creating observables in TISC is now available through the implementation of TISC API 2.0.
- Defining Expiration Rules
- Define expiration policies at a more granular level by creating expiration rules for data source and record type combinations.
- Working with Webhooks
- Initiate trigger-based notifications by using Webhooks.
- Working with automated flows
- Automate analyst actions through sample automation flows.
- Add observables to TISC Case
- Add security incident and observables directly to a TISC case in the Security Incident Response Workspace.
- MITRE ATT&CK Technique Extraction Rules
- Capture automatically extracted MITRE techniques to the intelligence records such as observables, indicators, and all STIX entities.
Changed in this release
- TISC Library Repository
- New aliases can now be added directly from the form views of the threat intelligence library.
UI changes
- View related info from TISC
- In the Security Incident Response Workspace, the TISC Context tab now shows the related information for selected observables.
- Custom Threat Score Calculator in TISC
- The Customer Threat Score Calculator automatically defines threat score criteria for security incidents based on user-defined criteria.
Activation information
Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
- Security Operations common functionality
- When any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated, the Security Support Common plugin is activated.