Microsoft Graph Security API Alert Ingestion integration for Security Operations release notes

  • Release version: Store
  • Updated June 11, 2026
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Microsoft Graph Security API Alert Ingestion integration for Security Operations release notes

    The Microsoft Graph Security API Alert Ingestion integration for Security Operations in ServiceNow provides a unified interface to automatically fetch security alerts from multiple providers, including Microsoft native and partner sources. These alerts are converted into security incidents in ServiceNow, enabling streamlined automated response actions. The integration evolves through regular updates that enhance security, performance, and compatibility.


    Key Enhancements and Fixes

    • Security Improvements: Version 10.5.0 upgraded dictionary-level read-only fields to Strict Read-Only, ensuring consistent enforcement of read-only settings across all interfaces and integrations.
    • Alert Management: Updates include reintroduction of alert filtering columns, better handling of polling failures, and improved alert ingestion mechanisms to prevent missing alerts during scheduled polling.
    • Credential Validation: Fixed issues where invalid credentials incorrectly showed success messages during configuration validation.
    • API Upgrades: Integration with Microsoft Graph Security API version 2.0 enables mapping of MITRE ATT&CK data from alerts into Security Incident Response fields for enhanced threat context.
    • Performance and UI Fixes: Various updates removed dependencies on new UI versions, applied dark theme consistently, and resolved password policy and UI bugs to improve user experience.
    • Data Integrity: Ensured proper persistence of Security Incident Response fields and related records during alert ingestion and business rule executions.
    • Configuration Flexibility: Endpoint paths were moved from hardcoded values to system properties for easier customization.
    • Key Management: Integration with ServiceNow’s Key Management Framework allows management of encryption keys used for sensitive password fields.

    Practical Benefits for ServiceNow Customers

    By using this integration, customers can:

    • Automate the ingestion of security alerts from diverse sources, reducing manual effort and improving incident response times.
    • Leverage enriched alert data, including MITRE ATT&CK mappings, to gain deeper security insights in ServiceNow’s Security Operations.
    • Maintain strong security controls through strict read-only field enforcement and secure credential handling.
    • Benefit from ongoing performance improvements and UI enhancements for a more reliable and user-friendly experience.
    • Customize integration endpoints and manage encryption keys to fit organizational policies and requirements.

    For detailed system requirements and compatibility, customers should review the application listing on the ServiceNow Store.

    Version history for the Microsoft Graph Security API Alert Ingestion integration for Security Operations on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.5.3 - June 2026
    Changed: Replaced the hardcoded endpoint path with system properties.
    Version 10.5.2 - March 2026
    Fixed: Reintroduced a new column to filter alerts.
    Version 10.5.1 - February 2026
    Fixed: A successful validation message was displayed during configuration tile validation despite invalid credentials.
    Version 10.5.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.4.13 - August 2025
    Fixed: Improved Handling of Next Poll Date for Microsoft Graph Security Alert Integration on HTTP Failures.
    Version 10.4.8 - May 2024
    The dependency on the new UI is removed.
    Version 10.4.7 - November 2023
    Fixed: Updated the dependent application's (Common Plugin for SecOps SIEM Integration) version to the latest version.
    Version 10.4.6 - May 2023
    • New:
      • The Microsoft Graph Security API - ServiceNow Security Incident Response integration has been upgraded to V2.0 API.
      • Provides you with the ability to map MITRE ATT&CK data in the Graph Security alert to the MITRE ATT&CK field in the security incident.
    • Fixed:
      • One-Time Retrieval is not working on the scheduling page of the profile when we change the date format to dd-MM-YYYY for the Graph Security API.
      • Microsoft Graph Security API Alert Ingestion Integration: Dark theme is not applied to all fields.
    Version 10.4.5 - September 2022
    Changed: Performance fix.
    Version 10.4.4 - June 2022
    Fixed: When a Business Rule on Observable/CI and task M2M records updates the SIR fields automatically, the SIR fields were not updated, because the SIR was not persisted at creation time using SIEM. This issue has been resolved: the SIR is now persisted in the database first, and then the M2M records are created.
    Version 10.4.2 - December 2021
    Fixed: UI fixes.
    Version 10.4.1 - October 2021
    Fixed: Added additional password-related policies.
    Version 10.4.0 - May 2021
    • Changed: When multiple alert fields are mapped to a SIR field and one of the alert field values is NULL or blank, the SIR field is no longer emptied; the available values are mapped instead.
    • New: The alert ingestion mechanism is improved to avoid missing alerts during polling intervals.
    Version 10.3.3 - December 2020
    Changed: With the Key Management Framework plugin, developers can manage the keys used for Password2 fields through a crypto module definition.
    Version 10.0.6 - May 2020
    • The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface to connect multiple security providers (Native to Microsoft as well as ServiceNow Partners).
    • The Microsoft Graph Security Alert Ingestion integration allows you to automatically fetch alerts from multiple security providers, convert them into security incidents, and enable automated response actions.