Threat Intelligence Security Center release notes

  • Release version: Australia
  • Updated March 12, 2026
  • 6 minutes to read
  • The ServiceNow® Threat Intelligence Security Center application is a threat intelligence platform built natively on the ServiceNow AI Platform to operationalize threat intelligence from feed ingestion and enrichment to investigation, response, and sharing. TISC enables security teams to act efficiently on intelligence and defend against threats. TISC was enhanced and updated in the Australia release.

    Threat Intelligence Security Center highlights for the Australia release

    • Introduced Now Assist Case Summarization skill that analysts can use to generate concise, AI-based case summaries.
    • Added playbooks support in Case Management, giving analysts a guided, stage-based workflow for investigations.
    • Added historical data ingestion and flexible expiration handling to TISC Add-on for Splunk Enterprise. 
    • Enhanced MITRE Extraction rule schema to add a combined Techniques and Tactics regex extraction type.
    • Enhanced Relationship Graph with filtering support and performance improvements.
    • Enhanced CrowdStrike feed to support ingestion of malwares.

    See Threat Intelligence Security Center for more information.

    Important:
    Threat Intelligence Security Center is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Australia release

    Australia Patch 3
    ServiceNow product tiers
    The ServiceNow AI Platform now brings you a new AI experience with three licensing tiers available:
    • Foundation: AI basics to deliver insights
    • Advanced: AI to boost productivity across relevant use cases
    • Prime: Act autonomously with all AI assets and create your own

    Depending on your entitlements, you will have access to certain application features, generative AI skills, agentic workflows, and AI agents.

    Summarize a Case with Now Assist for Threat Intelligence Security Center
    Now Assist for Threat Intelligence Security Center brings generative AI capabilities directly into threat intelligence workflows.  Analysts can generate concise AI-powered summaries of threat cases, including case overview, findings, key actions taken, and recommended next steps.
    Automatic Threat Actor priority tagging
    Enable automatic tagging of threat actors based on their origin locations.
    Configure TISC add-on in Splunk
    TISC Add-on for Splunk Enterprise adds historical data ingestion and flexible expiration handling.
    Link nodes in the Relationship Graph
    The relationship graphs show immediate relationships to the home node for quick rendering of the graph. Filters enable analysts to narrow down to specific nodes and relationships. 
    MITRE ATT&CK Technique Extraction Rules
    Enhanced MITRE™ extraction rule schema to add a combined Techniques and tactics regex extraction type.
    Threat Hunting Playbook
    Threat hunting playbook is now available out of the box. Analysts can use Playbooks for case management as a guided, stage-based workflow for investigations.
    View Premium Threat Feed for CrowdStrike
    Enhanced CrowdStrike premium Threat feed by adding Malware to the record types to ingest. Threat Actor records now link to Malware through uses and develops relationships, and to Location through originates-from and targets relationships. Report and Indicator records are linked to Malware through associated-with. Threat Actor records ingested from CrowdStrike now represent capabilities, target industries, target regions, target countries, and origins as structured tags rather than free-text, additional context fields. Users can use these attributes as filters.
    Have I Been Pwned integration
    Added support in TISC for Have I been pwned? (HIBP) observable enrichment, enabling analysts to identify whether observables have been exposed in known data breaches instances.
    Configure Tagging Rules in TISC
    Introduced automated tagging of RSS feed records using configurable tagging rules to apply tags and taxonomies.
    Create a CWE record
    Introduced CWEs as related entities with support for relationship linking.
    Create Remediations
    Introduced remediations as related entities with support for relationship linking and added support for managing remediations.
    Create a Product
    Introduced products as related entities with support for relationship linking.
    Create a Vendor to a Vulnerability
    Associated vendors as related entities with support for relationship linking.
    Automated creation of zero day vulnerability
    Automatically generate zero day vulnerability records from flagged RSS feeds with extracted and linked CPE, CWE, and CVE details for enhanced threat analysis. The catalog now includes the RSS feed for Google Project Zero, enabling real-time detection of emerging threats.
    Create Vulnerability Assessment from a Vulnerability
    Initiate vulnerability assessments directly from identified issues for faster risk evaluation. Sample workflows and flow actions are included to automate the assessment process.
    Create Security Incident from a Vulnerability Record
    Create security incident records directly from detected vulnerabilities to expedite incident response and streamline threat management workflows.
    Enable security incidents for vulnerabilities
    View vulnerabilities and related intelligence in the TISC Context tab of Security Incident Response Workspace, allowing analysts to quickly access risk data during investigations without navigating to separate records.

    UI changes

    TISC Library Repository
    Enhanced Threat Intelligence Library list views by grouping observables, indicators, threat entities, RSS feed, and vulnerability artifacts into appropriate categories for improved navigation.
    Create Vulnerability Assessment from a Vulnerability
    Introduced a new button Create Vulnerability Assessment to conduct a vulnerability assessment for a specific vulnerability.
    Create Security Incident from a Vulnerability Record
    Introduced a new button Create Security Incident to facilitate identifying vulnerabilities and enable faster incident response within the threat analysis.
    Threat Intelligence Security Center Catalog
    Introduced a new catalog entry which includes the RSS feed for Google Project Zero, enabling real-time detection of emerging threats.

    Changed in this release

    MITRE ATT&CK Technique Extraction Rules and View extracted MITRE ATT&CK Techniques
    Enabled MITRE-ATT&CK extraction rules for RSS feed to map and associate MITRE-ATT&CK techniques.
    View RSS Feeds
    Enhanced the RSS feed schema and parsers to support additional fields, including tags, taxonomies, status, and expiration time.
    Export intelligence data, Sharing of Outbound Intelligence Records from GUI, and Add to TAXII Collections from Library List View
    Enhanced STIX 2.1 export to include Traffic Light Protocol (TLP) definitions applied to intelligence objects as TLP 2.0 marking definition objects. For more information, see Marking Definition.
    System properties for TISC Reports
    The system property sn_sec_tisc.reporting.email_template_sn_sec_tisc_case is no longer supported in TISC. It has been renamed to sn_sec_tisc.default_report_email_template, effective with the latest release.
    Configure custom MISP API feed
    Enhanced MISP API feed ingestion to handle events when the published timestamp is greater than the modified timestamp.
    Define Vulnerability and Access the Vulnerability Entities
    Enhanced the vulnerability schema to support additional vulnerability intelligence fields related to CVSS scoring, exploit details, and remediation information.

    Activation information

    Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.