IBM QRadar Offense Ingestion for Security Operations release notes
Version history for the IBM QRadar Offense Ingestion for Security Operations on the ServiceNow Store.
Important:
For details on system requirements and family compatibility, view the application
listing on the ServiceNow Store
website.
Version history
- Version 10.7.4 - June 2026
- Fixed:
- Duplicate SIR creation issue for single offense in IBM Qradar.
- Cobalt Raven Non-Glide Query ACLs Directive.
- Fixed:
- Version 10.7.3 - April 2026
- Fixed:
- SIR creation issue in case of secure notes mapping.
- Preview Section so that Event Data is now displayed correctly.
- Fixed:
- Version 10.7.1 - March 2026
-
- New:
- Added support to fetch ADE Rules from IBM QRadar into Security Incident Response.
- Introduced strategies to present offense data without dependency on CMDB or identity tables in the QRadar Offense Ingestion integration with SIR.
- Fixed:
- Custom offense fields that were not being retrieved, preventing proper field mapping during ingestion.
- Event information that was not being mapped correctly during QRadar profile ingestion.
- "Fetch Sample Data" feature, which was failing.
- Offense fields mapping to Security Incident Records
- New:
- Version 10.6.1 - February 2026
- Fixed: "Fetch Sample Data" functionality on the mapping screen for IBM QRadar SIEM Offense Ingestion.
- Version 10.6.0 - January 2026
- New: Added support for fetching closed incidents from IBM QRadar into Security Incident Response.
- Version 10.5.0 - December 2025
- New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
- Version 10.4.20 - October 2025
-
Fixed:
- Optimized the offense ingestion process to handle events efficiently. These improvements reduce latency, improve throughput, and ensure faster availability of ingested offenses for analysis and investigation.
- Qradar ingestion not working for On-prem deployments.
- Not able to edit existing Field translations.
- Version 10.4.19 - September 2025
- Fixed: Optimized the offense ingestion process to handle events efficiently. These improvements reduce latency, improve throughput, and ensure faster availability of ingested offenses for analysis and investigation.
- Version 10.4.14 - November 2024
- Fixed: Fixed an issue where QRadar profile gets stuck in running state when system is restarted or shut down.
- Version 10.4.13 - May 2024
- The dependency on the new UI is removed.
- Version 10.4.12 - March 2024
- Fixed the issue of same offense ID in multiple Qradar instances.
- Version 10.4.9 - November 2023
- Fixed: One-time retrieval was not working on the Scheduling page of the profile in QRadar integration when the date format was changed to DD-MM-YYYY.
- Version 10.4.7 - May 2023
- Fixed: Handle 206 status code response from QRadar in Offense Ingestion.
- Version 10.4.4 - September 2022
-
- New: Added overlapping properties to integration settings.
- Fixed: Update 'start_time' to 'first_persisted_time' to avoid missing offenses.
- Version 10.4.3 - March 2022
-
- Changed: Updated AngularJS library version.
- Fixed:
- Updated IBM QRadar close codes in the Additional Options stage.
- Creating Blank SIR (skipping SIR sequence) when M2M mapping is done for Observable/CIs in Profile.
- Version 10.4.2 - December 2021
- Fixed: UI changes.
- Version 10.4.1 - December 2020
- Fixed: This release contains minor accessibility fixes.
- Version 10.4.0 - November 2020
-
- Changed:
- Modified the QRadar rule selection logic to fetch all the offenses generated by SYSTEM, OVERRIDE, and USER rules that are active.
- Performance improvements.
- Fixed: Minor bugs.
- Changed:
- Version 10.3.1 - June 2020
- Fixed: Minor bug fixes and improvements.
- Version 10.1.0 - May 2020
- Changed: Authentication method changed to IBM QRadar API authorized service token to support both QRadar on-premises and QRadar on Cloud.
- Version 10.0.2 - March 2020
- IBM QRadar is a market-leading solution for collecting, correlating, and reporting on security event information. This integration will be used to automate ingestion of correlated events from IBM QRadar and improve the ability to automate creation of security incidents in the ServiceNow platform through dynamic mapping.