Threat Intelligence Security Center release notes

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 3 minutes de lecture

    • The ServiceNow® Threat Intelligence Security Center application enables your organization to connect security and IT teams so you can respond faster and more efficiently to threats. Threat Intelligence Security Center was enhanced and updated in the Australia release.

    Threat Intelligence Security Center highlights for the Australia release

    • Added a new integration with Have I Been Pwned (HIBP) to support observable enrichment.
    • Enhanced the vulnerability schema to support additional intelligence fields such as CVSS scoring, exploit details, and remediation information.
    • Added support for managing vulnerability intelligence in the Threat Intelligence Library, including related products, vendors, CWEs, and associated remediations, identifiers, attributes, and vendor comments.
    • Enhanced RSS feed processing with support for additional fields such as tags, taxonomies, and expiration time, and enabled linking RSS feeds to related artifacts.
    • Added automated tagging and MITRE ATT&CK extraction rules to automatically apply tags, taxonomies, and associate relevant techniques. Added automated cleanup of duplicate source records generated during the aggregation process.

    See Threat Intelligence Security Center for more information.

    Important :
    Threat Intelligence Security Center is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Australia release

    Added support in TISC for Have I Been Pwned (HIBP) observable enrichment, enabling analysts to identify whether observables have been exposed in known data breaches instances.
    Added support for automated tagging of RSS feed records using configurable tagging rules for tags and taxonomies.
    , , ,
    Introduced Products as related entities with support for relationship linking.
    Introduced remediations as related entities with support for relationship linking and added support for managing remediations.
    Introduced Products as related entities with support for relationship linking.
    Introduced Vendors as related entities with support for relationship linking.

    UI changes

    Enhanced Threat Intelligence Library list views by grouping observables, indicators, threat entities, RSS feed, and Vulnerability artifacts into appropriate categories.

    Changed in this release

    and
    Enabled MITRE extraction rules for RSS feeds to automatically map and associate MITRE ATT&CK techniques.
    Enhanced the RSS feed schema and parsers to support additional fields, including tags, taxonomies, status, and expiration time.
    and
    Enhanced STIX 2.1 export to include Traffic Light Protocol (TLP) definitions applied to intelligence objects as TLP 2.0 marking definition objects. For more information, see .
    The system property sn_sec_tisc.reporting.email_template_sn_sec_tisc_case is no longer supported in TISC. It has been renamed to sn_sec_tisc.default_report_email_template, effective with the latest release.
    Enhanced MISP API feed ingestion to correctly handle events when the published timestamp is greater than the modified timestamp.
    and
    Enhanced the vulnerability schema to support additional vulnerability intelligence fields related to CVSS scoring, exploit details, and remediation information.

    Activation information

    Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Related ServiceNow applications and features

    Threat Intelligence
    The ServiceNow Threat Intelligence application displays indicators of compromise (IoC) and enables you to enrich security incidents with threat intelligence data.
    Security Incident Response
    With Security Incident Response manage the life cycle of your security incidents from initial analysis to containment, eradication, and recovery. Security Incident Response enables you to get a comprehensive understanding of incident response procedures performed by your analysts, and understand trends and bottlenecks in those procedures with analytic-driven dashboards and reporting.
    Security Operations common functionality
    The Security Support Common plugin is activated when any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated.