Security Operations CrowdStrike Falcon Intelligence integration release notes

  • Release version: Store
  • Updated June 11, 2026
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Operations CrowdStrike Falcon Intelligence integration release notes

    The Security Operations CrowdStrike Falcon Intelligence integration enhances threat detection and response capabilities within ServiceNow by leveraging CrowdStrike’s threat intelligence. These release notes document the version history, highlighting new features, fixes, and changes that improve security, usability, and integration performance over time.


    Key Features

    • Enhanced Security Controls: Version 10.8.0 upgraded dictionary-level read-only fields to Strict Read-Only, ensuring consistent enforcement of read-only behavior across UIs, scripts, and integrations to prevent unauthorized changes.
    • Improved Threat Lookup: Multiple versions introduced enhancements to the threat lookup workflow, including migration to Flow Designer (v10.7.0), improved indicator type handling for better malicious confidence scoring (v10.8.1), and an automated threat lookup filter to avoid duplicate queries within a set duration (v10.5.0).
    • Integration with Security Incident Response Workspace: Added support for type changes to align with the Security Incident Response workspace (v10.5.1).
    • Authentication Enhancements: Support for OAuth2 authentication was introduced (v10.3.1), requiring API Client ID and Secret for secure configuration.
    • API and Permissions Updates: Added CrowdStrike user strings in outbound HTTP calls, and introduced 'IOC Manager APIs' read/write permissions for API keys (v10.4.1).
    • Key Management: Integration with the Key Management Framework plugin to manage password fields securely (v10.3.3).
    • Threat Lookup Finding Calculator: Calculates findings based on response data and maps third-party computed results to system-supported findings for accurate threat analysis (v10.5.0).
    • Query Range Access Controls: Added query range ACLs to control access to CrowdStrike intelligence queries (v10.8.2).

    Practical Impact for ServiceNow Customers

    • Improved security and control over data integrity via strict read-only enforcement and enhanced authentication methods.
    • More accurate and efficient threat intelligence lookups, reducing redundant queries and improving confidence in malicious indicator identification.
    • Smoother integration with ServiceNow Security Incident Response workflows, enabling better incident management.
    • Expanded API capabilities and permission management to support secure and flexible integration setups.
    • Support for modern authentication standards (OAuth2) ensuring compliance with security best practices.

    Next Steps

    To benefit from these improvements, customers should review their current integration configurations—especially if upgrading from versions prior to v10.3.1—due to the OAuth2 authentication change requiring new setup with API Client credentials. It is also recommended to verify permission settings and leverage the new automated threat lookup filters and strict read-only field configurations to enhance security and operational efficiency.

    Version history for the Security Operations CrowdStrike Falcon Intelligence integration on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.8.2 - June 2026
    New: Added query range ACLs for CrowdStrike Intel.
    Version 10.8.1 - March 2026
    Fixed: The CrowdStrike Indicators API now incorporates indicator types in threat lookup, resulting in improved malicious confidence.
    Version 10.8.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to improve security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.7.0 - August 2024
    Changed: Migrated the threat lookup workflow to Flow Designer.
    Version 10.5.2 - March 2024
    Fixed: Run threat lookup action for CrowdStrike Falcon Intelligence indicators now updates the results without the indicators.
    Version 10.5.1 - February 2023
    New: Added type changes to support the Security Incident Response workspace.
    Version 10.5.0 - November 2022
    • New:
      • Introducing a filter that allows running automated threat lookup on an observable only once within a configured duration. Any re-runs for the same observable will be skipped until the configured duration/period has passed.
      • Introducing a threat lookup finding calculator, which calculates the findings based on the responses received. For third-party integrations that provide the computed results, the threat lookup finding calculator maps the results to supported findings in the system.
    Version 10.4.1 - October 2021
    • New:
      • Added CrowdStrike User string in outbound HTTP calls
      • Added 'IOC Manager APIs' read and write permissions as required for the corresponding API key
    • Fixed: Added additional password-related policies
    Version 10.3.3 - December 2020
    Changed: With the Key Management Framework plugin, developers can manage the keys used for Password2 fields through the crypto module definition.
    Version 10.3.1 - October 2020
    Changed: The integration now supports OAuth2 authentication. This update requires you to enter the API Client ID and the API Client Secret to authenticate and complete the configuration. If you are upgrading the integration from a previous version, you must delete the existing configuration and set up a new configuration.
    Version 10.0.0 - September 2020
    New: Implementation Flow to support the new capability framework (v2.0)
    Version 10.0.0 - March 2020
    New: Implementation Flow to support the new capability framework (v2.0)