IBM QRadar Offense Ingestion for Security Operations release notes

  • Release version: Store
  • Updated June 11, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of IBM QRadar Offense Ingestion for Security Operations Release Notes

    The IBM QRadar Offense Ingestion for Security Operations integration automates the ingestion of correlated security events from IBM QRadar into ServiceNow Security Incident Response (SIR). This integration enhances incident automation by dynamically mapping offense data to ServiceNow security incidents, streamlining threat detection and response workflows for your security operations.

    Show full answer Show less

    For system requirements and compatibility details, refer to the application listing on the ServiceNow Store.

    Key Features and Enhancements

    • Offense and Incident Ingestion: Supports fetching correlated offenses and closed incidents from IBM QRadar into ServiceNow to maintain up-to-date incident data.
    • Dynamic Field Mapping: Improved mapping of custom offense fields and event information to ServiceNow records, ensuring accurate data synchronization.
    • Enhanced Data Presentation: New strategies enable offense data display without relying on CMDB or identity tables, improving flexibility in diverse environments.
    • Security Improvements: Enforced strict read-only status on dictionary-level fields to prevent unauthorized changes across UI, scripts, and integrations.
    • Performance Optimizations: Reduced latency and improved throughput during offense ingestion, resulting in faster availability of security events for analysis.
    • Integration Settings Enhancements: Added overlapping properties and handled specific HTTP responses (e.g., 206 status code) to improve robustness.
    • Authentication Updates: Transitioned to IBM QRadar API authorized service tokens to support both on-premises and cloud deployments.
    • UI and Usability Fixes: Addressed issues with event data previews, scheduling, and profile states to ensure smooth operation and user experience.

    Practical Impact for ServiceNow Customers

    • Automate and streamline the ingestion of security offenses from IBM QRadar, reducing manual effort and accelerating incident response.
    • Maintain accurate and comprehensive security incident records with improved field mapping and incident closure synchronization.
    • Benefit from enhanced security controls within the integration to protect data integrity and prevent unauthorized modifications.
    • Experience improved performance and reduced delays in offense ingestion, enabling faster threat detection and investigation.
    • Support for both cloud and on-premises QRadar deployments offers flexibility in diverse IT environments.

    Version History Highlights

    • 10.7.4 (June 2026): Fixed duplicate security incident report (SIR) creation and addressed query access control.
    • 10.7.1 (March 2026): Added ADE rules fetching, improved offense data presentation, and fixed multiple mapping and data retrieval issues.
    • 10.6.0 (January 2026): Enabled fetching of closed incidents to keep incident statuses synchronized.
    • 10.5.0 (December 2025): Upgraded dictionary fields to strict read-only for enhanced security enforcement.
    • 10.4.x (2024 - 2025): Series of fixes and optimizations improving ingestion efficiency, UI stability, and data accuracy.
    • 10.1.0 (May 2020): Switched to API token authentication for broader deployment support.

    Version history for the IBM QRadar Offense Ingestion for Security Operations on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.7.4 - June 2026
    • Fixed:
      • Duplicate SIR creation issue for single offense in IBM Qradar.
      • Cobalt Raven Non-Glide Query ACLs Directive.
    Version 10.7.3 - April 2026
    • Fixed:
      • SIR creation issue in case of secure notes mapping.
      • Preview Section so that Event Data is now displayed correctly.
    Version 10.7.1 - March 2026
    • New:
      • Added support to fetch ADE Rules from IBM QRadar into Security Incident Response.
      • Introduced strategies to present offense data without dependency on CMDB or identity tables in the QRadar Offense Ingestion integration with SIR.
    • Fixed:
      • Custom offense fields that were not being retrieved, preventing proper field mapping during ingestion.
      • Event information that was not being mapped correctly during QRadar profile ingestion.
      • "Fetch Sample Data" feature, which was failing.
      • Offense fields mapping to Security Incident Records
    Version 10.6.1 - February 2026
    Fixed: "Fetch Sample Data" functionality on the mapping screen for IBM QRadar SIEM Offense Ingestion.
    Version 10.6.0 - January 2026
    New: Added support for fetching closed incidents from IBM QRadar into Security Incident Response.
    Version 10.5.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.4.20 - October 2025
    Fixed:
    • Optimized the offense ingestion process to handle events efficiently. These improvements reduce latency, improve throughput, and ensure faster availability of ingested offenses for analysis and investigation.
    • Qradar ingestion not working for On-prem deployments.
    • Not able to edit existing Field translations.
    Version 10.4.19 - September 2025
    Fixed: Optimized the offense ingestion process to handle events efficiently. These improvements reduce latency, improve throughput, and ensure faster availability of ingested offenses for analysis and investigation.
    Version 10.4.14 - November 2024
    Fixed: Fixed an issue where QRadar profile gets stuck in running state when system is restarted or shut down.
    Version 10.4.13 - May 2024
    The dependency on the new UI is removed.
    Version 10.4.12 - March 2024
    Fixed the issue of same offense ID in multiple Qradar instances.
    Version 10.4.9 - November 2023
    Fixed: One-time retrieval was not working on the Scheduling page of the profile in QRadar integration when the date format was changed to DD-MM-YYYY.
    Version 10.4.7 - May 2023
    Fixed: Handle 206 status code response from QRadar in Offense Ingestion.
    Version 10.4.4 - September 2022
    • New: Added overlapping properties to integration settings.
    • Fixed: Update 'start_time' to 'first_persisted_time' to avoid missing offenses.
    Version 10.4.3 - March 2022
    • Changed: Updated AngularJS library version.
    • Fixed:
      • Updated IBM QRadar close codes in the Additional Options stage.
      • Creating Blank SIR (skipping SIR sequence) when M2M mapping is done for Observable/CIs in Profile.
    Version 10.4.2 - December 2021
    Fixed: UI changes.
    Version 10.4.1 - December 2020
    Fixed: This release contains minor accessibility fixes.
    Version 10.4.0 - November 2020
    • Changed:
      • Modified the QRadar rule selection logic to fetch all the offenses generated by SYSTEM, OVERRIDE, and USER rules that are active.
      • Performance improvements.
    • Fixed: Minor bugs.
    Version 10.3.1 - June 2020
    Fixed: Minor bug fixes and improvements.
    Version 10.1.0 - May 2020
    Changed: Authentication method changed to IBM QRadar API authorized service token to support both QRadar on-premises and QRadar on Cloud.
    Version 10.0.2 - March 2020
    IBM QRadar is a market-leading solution for collecting, correlating, and reporting on security event information. This integration will be used to automate ingestion of correlated events from IBM QRadar and improve the ability to automate creation of security incidents in the ServiceNow platform through dynamic mapping.