ArcSight ESM Event Ingestion for Security Operations release notes
Summary of ArcSight ESM Event Ingestion for Security Operations release notes
The ArcSight ESM Event Ingestion integration for Security Operations automates the ingestion of correlated security events from ArcSight ESM into the ServiceNow platform. This integration enhances the automation of security incident creation through dynamic mapping, supporting improved security operations and incident response.
ArcSight ESM is a market-leading solution for collecting, correlating, and reporting security event information, and this integration streamlines the process within ServiceNow Security Incident Response (SIR).
Key Enhancements and Fixes by Version
- Version 10.5.1 (June 2026): Resolved access issues for Security Analysts querying tables.
- Version 10.5.0 (December 2025): Upgraded all dictionary-level read-only fields to Strict Read-Only, ensuring consistent enforcement of read-only behavior across UIs, scripts, and integrations for enhanced security.
- Versions 10.4.19 to 10.4.17 (2025): Fixed multiple issues related to configuration item mapping and sys_scope errors.
- Version 10.4.15 (November 2024): Migrated default workflows to Flow Designer flows, aligning with ServiceNow’s modern workflow standards.
- Version 10.4.13 (May 2024): Removed dependency on the new UI to improve compatibility.
- Version 10.4.11 (March 2024): Fixed timeout issues for integrations involving MID Servers during longer wait times.
- Version 10.4.10 (December 2023): Corrected misconfigured table/field ACLs within the integration plugin to improve security and functionality.
- Version 10.4.9 (November 2023): Removed duplicate entries caused by Restricted Caller Access (RCA) records that led to cross-scope access errors.
- Version 10.4.8 (May 2023): Fixed scheduling issues related to date format changes and addressed value truncation for ID fields exceeding 19 digits.
- Version 10.4.6 (September 2022): Improved event ingestion logging and resolved UI issues with POL_ON tabs.
- Version 10.4.5 (May 2022): Enhanced persistence of Security Incident Response (SIR) fields and resolved parsing issues with single events.
- Versions 10.4.4 and 10.4.2 (2021 and 2020): Included UI improvements and minor bug fixes.
- Version 10.4.1 (June 2020): Added support for ArcSight related lists and actions within the Security Incident Response UI for improved usability.
Practical Impact for ServiceNow Customers
This integration enables customers to streamline the ingestion of security events from ArcSight ESM into ServiceNow, automating incident creation and improving security operations efficiency. Updates focus on security enhancements, improved data integrity, UI improvements, and workflow modernization to ensure a reliable and user-friendly experience.
Customers can expect enhanced access control, better handling of configuration items, and more robust event processing capabilities, supporting their security teams in managing incidents more effectively.
Additional Considerations
For detailed system requirements and compatibility information, customers should refer to the application listing on the ServiceNow Store. Staying up to date with the latest versions ensures access to important fixes and security upgrades.
Version history for the ArcSight ESM Event Ingestion integration for Security Operations on the ServiceNow Store.
Version history
- Version 10.5.1 - June 2026
- Fixed: Access issues for Security Analyst while querying tables
- Version 10.5.0 - December 2025
- New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
- Version 10.4.19 - August 2025
- Fixed: Multiple configuration items not mapping to SIR.
- Fixed: sys_scope issue in ArcSight ESM.
- Version 10.4.17 - April 2025
- Fixed: Issue related to the configuration item mapping.
- Version 10.4.15 - November 2024
- Changed: Migrated default workflows to flows using Flow Designer.
- Version 10.4.13 - May 2024
- The dependency on the new UI is removed.
- Version 10.4.11 - March 2024
- Fixed: Timeout issues for integrations when a longer waiting time is expected for the MID Server.
- Version 10.4.10 - December 2023
- Fixed: Misconfiguration of table/field ACLs within the com.snc.secops.arcsight plugin. This is now fixed.
- Version 10.4.9 - November 2023
- Fixed: Deleted the Restricted Caller Access (RCA) record that caused duplicate entries when the source was trying to access the target source. The platform reads RCA records to check whether cross-scope access is allowed for the target resource; on doing so it found the duplicate entry and displayed an error.
- Version 10.4.8 - May 2023
- Fixed: One-Time Retrieval was not working on the scheduling page in the profile when you change the date format to DD-MM-YYYY.
- Fixed: ArcSight event ingestion is truncating values when the ID fields are 19 or more digits.
- Version 10.4.6 - September 2022
- Fixed: Improved the logging for ArcSight ESM Event Ingestion.
- Fixed: POL_ON tabs were greying out on clicking the continue button.
- Version 10.4.5 - May 2022
- Fixed: SIR fields were not getting updated when a Business Rule on Observable/CI and task M2M records updates the SIR fields automatically. This occurred because the SIR was not persisted at creation time using SIEM. Now the SIR is persisted first in the DB, and then the M2M records are created.
- Fixed: Records were not getting parsed if only one event was generated in ArcSight.
- Version 10.4.4 - December 2021
- Fixed: UI changes.
- Version 10.4.2 - August 2020
- Fixed: Minor bug fixes.
- Version 10.4.1 - June 2020
- New: Added support for ArcSight related lists and actions to be available in the Security Incident Response UI.
- Version 10.0.5 - March 2020
- ArcSight ESM is a market-leading solution for collecting, correlating, and reporting on security event information. This integration with ArcSight ESM is used to automate ingestion of correlated events from ArcSight and improve the ability to automate creation of security incidents in the ServiceNow platform through dynamic mapping.