Back to List
Combined Threat Intelligence release notes for upgrades from Rome to San Diego
Consolidated page of all release notes for Threat Intelligence from Rome to San Diego.
How to use this page
To help you prepare for your upgrade, we have combined the cross-family Threat Intelligence release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Rome to San Diego.
Tip: If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Orlando, the row says “No updates for this release.”
Important information for upgrading Threat Intelligence to San Diego
Before you upgrade to San Diego, review these pre- and post-upgrade tasks and complete the tasks as needed.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
New features
Between your current release family and San Diego, new features were introduced for Threat Intelligence.
Rome
- MITRE-ATT&CK framework overview
- The MITRE-ATT&CK framework is a knowledge base of common tactics, techniques, and procedures (TTP) that your organization can access to develop specific threat models and methodologies against cyberattacks.
- (Threat Intelligence 13.0.0) The following new features and enhancements have been made to the MITRE-ATT&CK framework which improves the Now Platform SOAR capabilities that enable proactive analysis, response, and reporting on threats across the security infrastructure.
- Map data component to maintain a relationship between the data sources, data components, and the various techniques. Map the data sources with the additional context of data components that provides an extra sublayer of context to data sources that enable you to understand adversary behaviors in MITRE-ATT&CK better.
- You can now modify the MITRE information appended to a security incident after the security incident is closed.
- An alert field is introduced in the security incident form. You can save the alert or event rule that triggered an alert. You can automate the MITRE-ATT&CK TTP association to security incidents based on the Detection rule to TTP mapping.
- You can roll up MITRE-ATT&CK TTP info from child security incidents to parent security incidents.
- Introduced the mitigation coverage mapping and its associated heat map views that enables you to evaluate your organization’s mitigation coverage.
- Introduced the threat actor to TTP mapping and its associated heat map views that enables you to view the number of threat actors using a specific technique for an attack.
- You can now create custom heat map views which can be exported and imported into your Now Platform environment.
- This release features the following new dashboards:
- MITRE-ATT&CK Techniques by Detection Coverage
- MITRE-ATT&CK Techniques by Mitigation Coverage
- Threat Groups by MITRE-ATT&CK Technique
- CVEs by MITRE-ATT&CK Technique
- The Case Management feature has been updated to support the MITRE-ATT&CK framework. You can now associate TTPs to a security case, view the MITRE-ATT&CK card in case management, and use the Threat Actors and Intrusion set artefacts in case management.
San Diego
No updates for this release.
Changes
Between your current release family and San Diego, some changes were made to existing Threat Intelligence features.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Removed
Between your current release family and San Diego, some Threat Intelligence features or functionality were removed.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Deprecations
Between your current release family and San Diego, some Threat Intelligence features or functionality were deprecated.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Activation information
Review information on how to activate Threat Intelligence.
| Release | Release notes |
|---|---|
| Rome | Install Threat Intelligence by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes. |
| San Diego | No updates for this release. |
Additional requirements
If any additional requirements were introduced or changed for Threat Intelligence we have noted them here.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Browser requirements
If any specific browser requirements were introduced or changed for Threat Intelligence we have noted them here.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Accessibility information
Review details on accessibility information for Threat Intelligence, such as specific requirements or compliance levels.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Localization information
If there are specific localization considerations for Threat Intelligence we have noted them here.
| Release | Release notes |
|---|---|
| Rome | No updates for this release. |
| San Diego | No updates for this release. |
Highlight information
If there are specific highlight considerations for Threat Intelligence we have noted them here.
Rome
- Access and provide a point of reference for your company’s Structured Threat Information Expression (STIX) data.
- Search threat feeds automatically for relevant information when an IoC is connected to a security incident.
- Send IoCs to third-party sources for additional analysis.
- Analyze threats to your organization from targeted campaigns or state actors.
San Diego
No updates for this release.
