Security Operations CrowdStrike Falcon Intelligence integration release notes

  • Release version: Store
  • Updated June 11, 2026

    Summary of Security Operations CrowdStrike Falcon Intelligence integration release notes

    The Security Operations CrowdStrike Falcon Intelligence integration provides enhanced threat intelligence capabilities within the ServiceNow platform. It enables automated and efficient threat lookup, improved security controls, and seamless integration with Security Incident Response workflows. The integration supports OAuth2 authentication and complies with evolving security standards to ensure reliable and secure data access.


    Key Features

    • Automated threat lookup with configurable filters to limit repeated lookups on the same observable within a specified duration, optimizing performance and reducing redundant queries (introduced in version 10.5.0).
    • Threat lookup finding calculator that maps third-party computed results to supported findings within ServiceNow, enhancing accuracy in threat identification (introduced in version 10.5.0).
    • Migration of the Threat lookup workflow to Flow Designer for streamlined automation and improved customization (version 10.7.0).
    • Strict Read-Only enforcement on dictionary-level fields to prevent unauthorized changes across UIs, scripts, and integrations, strengthening data integrity (version 10.8.0).
    • Support for OAuth2 authentication requiring API Client ID and Secret, increasing security in API communication (version 10.3.1).
    • Added query range access controls (ACLs) for CrowdStrike Intelligence to fine-tune data access permissions (version 10.8.2).
    • Enhanced CrowdStrike Indicators API integration, including indicator types in threat lookups to improve malicious confidence scoring (version 10.8.1).
    • Support for Security Incident Response workspace with updated data types to improve integration consistency (version 10.5.1).
    • Additional security policies and management of password-related fields through Key Management Framework and crypto modules (versions 10.4.1 and 10.3.3).

    Key Outcomes

    • Improved threat intelligence accuracy and confidence through enhanced API integration and findings mapping.
    • Better security posture with strict enforcement of read-only fields and OAuth2 authentication.
    • Reduced redundant threat lookups, optimizing system performance and resource utilization.
    • Streamlined automation and configuration via Flow Designer support.
    • Granular access controls ensuring appropriate data access based on user roles and permissions.
    • Compatibility with Security Incident Response workspace for cohesive security operations management.

    Version history for the Security Operations CrowdStrike Falcon Intelligence integration on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.8.2 - June 2026
    New: Added query range ACLs for CrowdStrike Intel.
    Version 10.8.1 - March 2026
    Fixed: The CrowdStrike Indicators API now incorporates indicator types in threat lookup, resulting in improved malicious confidence.
    Version 10.8.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to improve security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.7.0 - August 2024
    Changed: Migrated Threat lookup workflow to Flow Designer.
    Version 10.5.2 - March 2024
    Fixed: Run threat lookup action for CrowdStrike Falcon Intelligence indicators now updates the results without the indicators.
    Version 10.5.1 - February 2023
    New: Added type changes to support the Security Incident Response workspace.
    Version 10.5.0 - November 2022
    • New:
      • Introducing a filter that allows running automated threat lookup on an observable only once within a configured duration. Any re-runs for the same observable will be skipped until the configured duration/period has passed.
      • Introducing a threat lookup finding calculator, which calculates the findings based on the responses received. For third-party integrations that provide the computed results, the threat lookup finding calculator maps the results to supported findings in the system.
    Version 10.4.1 - October 2021
    • New:
      • Added CrowdStrike User string in outbound HTTP calls
      • Added 'IOC Manager APIs' read and write permissions as required for the corresponding API key
    • Fixed: Added additional password-related policies
    Version 10.3.3 - December 2020
    Changed: With the Key Management Framework plugin, developers can manage the keys used for Password2 fields through a crypto module definition.
    Version 10.3.1 - October 2020
    Changed: The integration now supports OAuth2 authentication. This update requires you to enter the API Client ID and the API Client Secret to authenticate and complete the configuration. If you are upgrading the integration from a previous version, you must delete the existing configuration and set up a new configuration.
    Version 10.0.0 - September 2020
    New: Implementation Flow to support the new capability framework (v2.0)
    Version 10.0.0 - March 2020
    New: Implementation Flow to support the new capability framework (v2.0)