ArcSight ESM Event Ingestion for Security Operations release notes

Release version: Store

Updated June 11, 2026

2 minutes to read

Summarize

Summarized using AI

Summary of ArcSight ESM Event Ingestion for Security Operations Release Notes

The ArcSight ESM Event Ingestion integration for Security Operations in ServiceNow enables automated ingestion of correlated security events from ArcSight ESM, a leading security information and event management solution. This integration improves the automation of security incident creation within the ServiceNow platform through dynamic event-to-incident mapping.

Show full answer Show less

Version History and Key Updates

Version 10.5.1 (June 2026): Resolved access issues for Security Analysts querying tables, improving user permissions and experience.
Version 10.5.0 (December 2025): Enhanced security by upgrading dictionary-level read-only fields to Strict Read-Only, ensuring consistent enforcement of read-only behavior across all user interfaces, scripts, and integrations.
Versions 10.4.19 to 10.4.17 (April–August 2025): Fixed issues related to configuration item mapping and sysscope problems, ensuring accurate event-to-incident correlations.
Version 10.4.15 (November 2024): Migrated default workflows to Flow Designer flows, enabling streamlined process automation and easier customization within ServiceNow.
Version 10.4.13 (May 2024): Removed dependency on the new UI, improving compatibility and stability.
Version 10.4.11 (March 2024): Fixed timeout issues with integrations during longer Mid Server wait times to enhance reliability.
Versions 10.4.10 to 10.4.9 (November–December 2023): Addressed ACL misconfigurations and duplicate Restricted Caller Access (RCA) records to reduce errors and improve security access controls.
Earlier versions (2020–2023): Included support for ArcSight related lists/actions in Security Incident Response UI, improved logging, resolved parsing issues, and enhanced scheduling and ID field handling.

Practical Benefits for ServiceNow Customers

Automates ingestion and correlation of security events from ArcSight ESM, supporting faster and more accurate incident creation.
Enhances security and data integrity by enforcing strict read-only controls on critical fields.
Improves user and analyst experience by resolving access and timeout issues, ensuring seamless querying and integration performance.
Supports modern workflow automation through Flow Designer, enabling easier customization and process optimization.
Provides ongoing fixes and enhancements to maintain compatibility, reduce errors, and improve overall system stability.

Additional Information

For full details on system requirements and application compatibility within your ServiceNow environment, customers should refer to the ArcSight ESM Event Ingestion application listing on the ServiceNow Store.

Version history for the ArcSight ESM Event Ingestion integration for Security Operations on the ServiceNow Store.

Important:

For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

Version history

Version 10.5.1 - June 2026

Fixed: Access issues for Security Analyst while querying tables

Version 10.5.0 - December 2025

New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes.This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.

Version 10.4.19 - August 2025

Fixed:
- Multiple configuration items not mapping to SIR.
- sys_scope issue in Arcsight ESM.

Version 10.4.17 - April 2025

Fixed: Issue related to the configuration item mapping.

Version 10.4.15 - November 2024

Changed: Migrated default workflows to flows using Flow Designer.

Version 10.4.13 - May 2024

The dependency on the new UI is removed.

Version 10.4.11 - March 2024

Fixed: Time out issues for integrations in case of longer waiting time is expected for midserver.

Version 10.4.10 - December 2023

Fixed: Misconfiguration of table/field ACLs within the com.snc.secops.arcsight plugin. This is now fixed.

Version 10.4.9 - November 2023

Fixed: The Restricted Caller Access (RCA) record causing duplicate entries when the source was trying to access the target source has been deleted. The platform was reading RCA to check whether cross-scope access is allowed for the target resource, and that's when it noticed a duplicate entry and displayed an error.

Version 10.4.8 - May 2023

Fixed:
- One-Time Retrieval was not working on the scheduling page in the profile when you change the date format to DD-MM-YYYY.
- Arcsight event ingestion is truncating values when the ID fields are 19 or more digits.

Version 10.4.6 - September 2022

Fixed:
- Improve the logging for ArcSight ESM Event Ingestion.
- POL_ON tabs were greying out on clicking the continue button.

Version 10.4.5 - May 2022

Fixed:
- When there is a Business Rule on Observable/CI, and task M2M records which update the SIR fields automatically. This occurs since SIR was not persisted at the creation time using SIEM, and the SIR fields are not getting updated. Now SIR would persist first in DB, and then the M2M records are created.
- Records were not getting parsed if only one event was generated in ArcSight.

Version 10.4.4 - December 2021

Fixed: UI changes.

Version 10.4.2 - August 2020

Fixed: Minor bug fixes.

Version 10.4.1 - June 2020

New: Added support for ArcSight related lists and actions to be available in the Security Incident Response UI.

Version 10.0.5 - March 2020

ArcSight ESM is a market-leading solution for collecting, correlating, and reporting on security event information. This integration with ArcSight ESM will be used automate ingestion of correlated events from ArcSight and improve the ability to automate creation of security incidents in the ServiceNow platform through dynamic mapping.