Security Incident Response integration with FireEye HX release notes

  • Release version: Store
  • Updated June 11, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Incident Response integration with FireEye HX release notes

    The Security Incident Response integration with FireEye HX enables ServiceNow Security Analysts to efficiently investigate and remediate endpoint security incidents by connecting directly with FireEye Endpoint Security (HX series). It simplifies threat inspection, analysis, and containment on endpoints without switching tools, enhancing response speed and effectiveness.

    Show full answer Show less

    Key Features

    • Endpoint Remediation: Network containment allows analysts to perform remediation actions directly on endpoints.
    • Targeted Data Collection: Profiles can be implemented to gather detailed host information for thorough investigation.
    • Specific Endpoint Queries and Actions: Users can perform queries such as network statistics, running services, processes, and logged-on users to gain insights.
    • Enhanced Automation: Migration of workflows to Flow Designer flows improves automation and process efficiency.
    • Security Enhancements: Upgraded read-only fields to strict enforcement and applied security fixes in multiple releases to ensure data integrity and protection.
    • Integration Stability and Support: Improvements to token handling, logging, and compatibility with Analyst Workspace enhance reliability and usability.
    • Table Maintenance: Implementation of Table Cleaner rules manages high-impact ServiceNow tables to maintain system performance.

    Practical Benefits for ServiceNow Customers

    • Streamlines incident response by allowing direct endpoint actions within ServiceNow, reducing tool-switching delays.
    • Improves security posture with stricter access controls and consistent enforcement of read-only fields across all interfaces and integrations.
    • Increases automation capabilities, enabling faster and more reliable incident workflows.
    • Ensures ongoing integration stability with fixes for token handling and error parsing, supporting cloud-based FireEye instances.
    • Maintains system health and performance through targeted cleanup of high-churn tables related to Security Incident Response data.

    Version Highlights

    • 1.1.1 (June 2026): Introduced Query range ACLs to enhance data access control.
    • 1.1.0 (December 2025): Upgraded read-only fields to Strict Read-Only for stronger security enforcement.
    • 1.0.14 (November 2024): Migrated workflows to Flow Designer for better automation.
    • Earlier Releases: Included key fixes for data parsing, token management, security patches, and integration improvements.

    Version history for the Security Incident Response integration with FireEye HX on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 1.1.1 - June 2026
    New: Introduced Query range ACL's in FireEye HX.
    Version 1.1.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes.This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 1.0.14 - November 2024
    New: Migration of Workflows to Flow Designer flows for Security Incident Response integration with FireEye Sighting Search, by enhancing the automation capabilities and process efficiency.
    Version 1.0.13 - March 2024

    Fixed: Implemented parsing of fixed results from FireEye HX for "Get Network Statistics," "Get Running Services," "Get Running Processes," and "Get Logged On Users" capabilities. The data is now correctly associated with the Security Incident Response module.

    Version 1.0.11 - August 2023
    Fixed: Access Token action parsing script in the Keep-Alive Header of the cloud instance.
    Version 1.0.10 - May 2023
    New: Implement Table Cleaner rules for high impact/churn ServiceNow-owned tables from Security Incident Response for Security Incident Response integration with FireEye HX.
    Version 1.0.8 - February 2023
    • Fixed:
      • Clean up of worknotes.
      • FireEye business rule was deleting any other tiles available for running additional endpoints capability.
      • Action Flatten Response giving null pointer exception.
      • Support for Analyst workspace.
    Version 1.0.7 - November 2022
    • Changed: Utah Mandate: Update snc-app-parent version to 5.0.0.77
    • Fixed:
      • ServiceNow and FireEye Integration: When the Keep-Alive header is not present Get Token action fails for the FireEye cloud instance.
      • Improve the logging for FireEye HX Integration.
    Version 1.0.6 - May 2022
    Fixed: This release includes security fixes.
    Version 1.0.4 - December 2021
    Fixed: This release includes security fixes.
    Version 1.0.3 - October 2021
    Fixed: Added additional password-related policies
    Version 1.0.1 - August 2021
    • New:
      • With FireEye Endpoint Security (HX series), organizations can proactively inspect, analyze, and contain known and unknown threats on any endpoint.
      • The Gold Standard Security Incident Response integration with FireEye HX, makes it easier and efficient for Security Analysts to investigate and remediate security incidents in an instant without having to navigate between tools. You can use network containment to perform remediation actions on the endpoints, implement profiles to gather specific details about the host, and perform specific queries or actions on the endpoint.