LogRhythm integration release notes

  • Release version: Store
  • Updated June 11, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of LogRhythm Integration Release Notes

    The LogRhythm integration for ServiceNow Security Operations enables seamless ingestion, mapping, and management of LogRhythm alarms and events within the ServiceNow platform. This integration supports creating and managing security incident response (SIR) workflows by linking LogRhythm alarms to ServiceNow security incidents, enhancing security incident management efficiency.

    Show full answer Show less

    Key Features

    • Support for multiple alarm profiles with customizable field mapping to SIR incident fields, including phishing and malware categories.
    • Drag-and-drop alarm field mapping and preview of SIR incident layout based on sample alarms to validate configurations.
    • Historical and ongoing alarm ingestion with configurable intervals to keep incident data current.
    • Automated incident closure linked to alarm closeout with SIR incident ID and URL for easy cross-referencing.
    • Enhanced security controls by upgrading read-only fields to strict read-only and enforcing least-privilege roles (snsi.admin) instead of admin roles.
    • Improved data handling and mapping accuracy, such as correct date/time field format mappings and configuration item (CI) mappings.
    • Migration from REST to SOAP APIs and transition from default workflows to Flow Designer flows for improved automation and maintainability.
    • User interface improvements including profile mapping page updates, search functionality in mapping sections, and navigation links to drilldown event modules.
    • Robust error handling and logging improvements for alarm ingestion and API interactions.
    • Mid-server routing resilience to maintain connectivity in failure scenarios.

    Fixes and Improvements

    • Resolved access and permission issues affecting security analysts querying tables and creating incidents from SIEM ingestion.
    • Fixed scheduling and script execution errors, including "LogRhythm Data Cleanup" and "One-Time Retrieval" scheduling issues.
    • Corrected ACL misconfigurations and password policy enhancements to strengthen security posture.
    • Addressed mapping errors related to alarm fields, CMDB CI fields, and date/time conversions to ensure data integrity within ServiceNow.
    • Improved user guidance with updated tooltips and warning messages for data ingestion scenarios where no alarms are generated.

    What ServiceNow Customers Can Expect

    Customers using the LogRhythm integration can expect a secure, reliable, and configurable connection between LogRhythm SIEM alarms and ServiceNow Security Incident Response workflows. The integration provides comprehensive controls to customize alarm ingestion, mapping, and incident management while enhancing security through stricter role enforcement and field protections. Regular updates have improved stability, resolved access issues, and introduced Flow Designer workflows to streamline automation. These enhancements enable security teams to respond faster and more effectively to threats detected by LogRhythm within the ServiceNow environment.

    Version history for the Security Operations LogRhythm integration on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 11.2.3 - June 2026
    Fixed: Access issues for Security Analyst while querying tables.
    Version 11.2.2 - May 2026
    • Fixed:
      • SIRs are not created from SIEM ingestion due to "Secure Notes" access issue to the Crypto module since the Yokohama upgrade was fixed.
      • Access issues for Security Analyst on querying tables.
    Version 11.2.1 - December 2025
    • New:
      • Upgraded all dictionary-level read-only fields to Strict Read-Only to improve security and prevent unauthorized changes. This ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
      • Replaced all occurrences of the admin role within the integration logic with the more restrictive sn_si.admin role to ensure proper access control and adherence to least-privilege principles.
    • Fixed:
      • System property "Max Security Incident can be created in a day" not working.
      • Schedule Script "LogRhythm Data Cleanup" not executing.
    Version 11.1.10 - April 2025

    Fixed:

    • CMDB_CI mapping getting failed for "Configuration Item" field on Logrhythm.
    • Configuring CI Under Mapping Screen SIR Not Getting Created.
    Version 11.1.9 - November 2024
    Changed: Migrated default workflows to flows using Flow Designer.
    Version 11.1.8 - April 2024
    Fixed: Misconfiguration of table/field ACLs is corrected.
    Version 11.1.5 - November 2023
    Changed: Minor UI updates to render the profile mapping page.
    Version 11.1.4 - May 2023
    Fixed: One-Time Retrieval was not working on the scheduling page in LogRhythm profile when we change the date format to DD-MM-YYYY, this is now fixed.
    Version 11.1.2 - September 2022
    • Fixed:
      • Error while checking and unchecking the Since date checkbox.
      • DeDup changes and Invalidate cache cleanup.
      • If no data is generated within seven days of any rule, then a Warning/Error message should be thrown saying 'No data found' as no alarms were generated recently other than Heartbeat missed.
      • Tooltip for Pull alarm button says 'This gets sample offense data from IBM Qradar server,' which needs to change to 'This gets sample alarms from Logrhythm.'
      • Improve the logging for LogRhythm Event Ingestion.
    Version 11.1.1 - May 2022
    • New: Migration of APIs from REST to SOAP.
    • Changed:
      • Updated the integration tile and introduced alarm By ID API in Profile and Scheduled Job.
      • Removal of alarm rule selection from profile set up.
      • An additional options section has been introduced in the profile.
    Version 11.0.9 - November 2021
    Fixed: Added additional password related policies
    Version 11.0.8 - August 2021
    Fixed: Resolved an issue with the mapping of alarm fields to SIR reference fields, while creating security incidents from alarms.
    Version 11.0.7 - February 2021
    Fixed: The LogRhythm date fields [YY-MM-DDTHH:MM:SS] now map correctly in the ServiceNow AI Platform using the Glide DateTime format.
    Version 11.0.6 - December 2020
    • New:
      • Added Related List on the Security Incident Form containing all raw base events related to the LogRhythm Alarm.
      • Mapping section of the Alarm Profile includes a search function to easily find Alarm Fields by name.
      • Added a navigation link to the LogRhythm Drilldown Event module to view the list of all raw base events.
      • Support for multi-valued field mappings of Configuration Item and Observable when multiple raw base events related to the LogRhythm Alarm contain different values for these mapped fields.
    • Fixed: Mid server routing is maintained based on configured selection(s) even in failure scenarios
    Version 5.0.4 - July 2019
    • New: Recertified for New York
    • Fixed: Improved exception handling when LogRhythm API returns error code
    Version 5.0.3 - November 2018
    • Flexibility to create multiple alarm profiles such as phishing and malware
    • Drag-and-drop mapping of LogRhythm alarm field values to associated SIR security incident fields
    • A preview of the SIR security incident layout based on sample alarms to validate configuration set-up
    • Ingest historical alarms as well as ongoing, future alarms on configurable intervals
    • Automated alarm close out upon incident closure, which includes a SIR security incident ID and URL for easy linking