Combined Threat Intelligence Security Center release notes for upgrades from Vancouver to Yokohama

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Threat Intelligence Security Center release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Vancouver to Yokohama.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Threat Intelligence Security Center to Yokohama

Before you upgrade to Yokohama, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

New features

Between your current release family and Yokohama, new features were introduced for Threat Intelligence Security Center.


Release	Release notes
Vancouver	View Threat Intelligence Security Center Homepage Data visualization to the threat intelligence. Threat Intelligence Security Center Catalog The catalog provides a curated list of Threat Intelligence feeds and enrichment integrations by enabling them after adding the required information, and also schedule the feeds
Washington DC	View Threat Intelligence Security Center Homepage Threat Intelligence Security Center homepage provides the data visualization to the threat intelligence. Threat Intelligence Security Center Catalog The catalog provides a curated list of Threat Intelligence feeds and enrichment integrations by enabling them after adding the required information, and also schedule the feeds Threat Intelligence Feeds Ability that provides the integration of premium feeds to enhance threat intelligence. TISC Enrichment Integrations Enrichment capabilities, for the removal of false positives, confidence/scoring of indicators, validation of indicators, and the addition of contextual information. Administration The Administration module enables the users to define correlation rules for establishing relationships between observables. Customize threat score calculator for nuanced threat assessment and also the integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB. TISC integration with SIR Workspace Seamless integration with SIR and data migration capabilities from Threat Intelligence to Threat Intelligence Security Center. Threat Intelligence Security Center Library Threat Analyst library is a dedicated Threat Intel Analyst Workspace for streamlined operations. Threat Analyst Workbench Ability to create cases or case tasks using Threat Analyst Workbench to create and track the threat investigations and analysis activities.
Xanadu	[Placeholder link text to key bundle-security.view-associated-techniques] All observables, indicators, and entities now supports MITRE technique associations. Roll up of MITRE technique associations MITRE techniques can now be rolled up from artifacts at a case level both manually and automatically. Palo Alto Networks integration Integration with Palo Alto is now available to manage External Dynamic Lists (EDLs) directly from TISC. CrowdStrike Falcon EDR integration Integration with CrowdStrike Falcon EDR is now available for continuous monitoring and real-time alerting based on TISC intelligence. Working with Investigation Canvases Introduced a new Investigation Canvas for deeper and interactive case analysis. View details in Relationship Graph Enhanced the user experience on relationship visualizations. Bulk import Taxonomies Supports bulk taxonomy values upload. TISC API References Creating observables in TISC is now available through the implementation of TISC API 2.0. Defining Expiration Rules Define expiration policies at a more granular level by creating expiration rules for data source and record type combinations. Working with Webhooks Initiate trigger-based notifications by using Webhooks. Working with automated flows Automate analyst actions through sample automation flows. Add observables to TISC Case Add security incident and observables directly to a TISC case in the Security Incident Response Workspace. MITRE ATT&CK Technique Extraction Rules Capture automatically extracted MITRE techniques to the intelligence records such as observables, indicators, and all STIX entities.
Yokohama	Microsoft Defender for EDR Integration Integration with the Microsoft Defender for EDR allows Cyber Threat Intelligence (CTI) analysts to automatically push malicious or suspicious IP addresses, domains, file hashes, and URLs to Microsoft Defender for continuous monitoring and real-time alerting. Create a security incident from a TISC case Create security incidents and associate observables to the security incidents from a TISC case. Duplicate threat intelligence feeds Duplicate threat intelligence feeds to create an exact copy of the existing feed.

Changes

Between your current release family and Yokohama, some changes were made to existing Threat Intelligence Security Center features.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	TISC Library Repository New aliases can now be added directly from the form views of the threat intelligence library.
Yokohama	Courses of Action Renamed Course of Actions to Courses of Action. Create Inbound Data Exclusion Rules Renamed Inbound Filtering Rules to Inbound Data Exclusion Rules.

Removed

Between your current release family and Yokohama, some Threat Intelligence Security Center features or functionality were removed.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Deprecations

Between your current release family and Yokohama, some Threat Intelligence Security Center features or functionality were deprecated.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Activation information

Review information on how to activate Threat Intelligence Security Center.


Release	Release notes
Vancouver	Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Washington DC	Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Xanadu	Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes. Security Operations common functionality When any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated, the Security Support Common plugin is activated.
Yokohama	Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

Additional requirements

If any additional requirements were introduced or changed for Threat Intelligence Security Center we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Threat Intelligence Security Center we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Accessibility information

Review details on accessibility information for Threat Intelligence Security Center, such as specific requirements or compliance levels.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Localization information

If there are specific localization considerations for Threat Intelligence Security Center we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Highlight information

If there are specific highlight considerations for Threat Intelligence Security Center we have noted them here.


Release	Release notes
Vancouver	Threat data collection and curation by assisting the Cyber Threat Intelligence (CTI) teams in organizing and managing threat intelligence gathered from various sources through the collection, processing, and aggregation of data. Threat Hunting helps analysts in searching for threats using curated intelligence and the MITRE Kill Chain Framework. Threat Research: Analysts have the ability to conduct research on threats, supporting the reactive and proactive needs of security teams. The CTI teams can utilize dashboards and assigned threat scores to prioritize the development of defenses against critical threats. Threat investigation helps the teams to create and track threat investigations using the Case Management feature. See Threat Intelligence Security Center for more information.
Washington DC	Threat data collection and curation by assisting the Cyber Threat Intelligence (CTI) teams in organizing and managing threat intelligence gathered from various sources through the collection, processing, and aggregation of data. Threat hunting helps analysts in searching for threats using curated intelligence and the MITRE Kill Chain Framework. Threat Analysts have the ability to conduct research on threats, supporting the reactive and proactive needs of security teams. The Cyber Threat Intelligence teams can utilize the dashboards and assigned threat scores to prioritize the development of defenses against critical threats. Threat investigation helps the teams to create and track threat investigations using the Case Management feature. See Threat Intelligence Security Center for more information.
Xanadu	Visualize node connections between entities like observables, IOCs, and threat actors, and link cases or canvases to enrich analysis. Enable continuous monitoring and real-time alerts based on intelligence from TISC with CrowdStrike Falcon EDR integration. Block malicious IPs, URLs, and domains using External Dynamic List (EDL) capabilities with Threat Intelligence data and Palo Alto Networks integration. Manage the analyst actions through automation flows. Conduct research on threats to support the reactive and proactive needs of security teams. Create and track threat investigations using Case Management. See Threat Intelligence Security Center for more information.
Yokohama	Integrate with Microsoft Defender to enable Cyber Threat Intelligence (CTI) analysts to automatically push malicious or suspicious IP addresses, domains, file hashes, and URLs from TISC to Microsoft Defender. Added creation of security incident directly from a TISC case with an option to associate observable artifacts to the security incident. Enhanced support to export observables, indicators, and cases from the list views in STIX 2.1 JSON, CSV, and Excel formats. Added settings to ingest indicators of interest based on associations to threat actors, threat reports, or malware families, including an option to include indicators deleted on CrowdStrike. Improved Threat Intelligence Feed configuration functionality to create a duplicate copy of the existing feed. See Threat Intelligence Security Center for more information.