IBM QRadar Offense Ingestion for Security Operations release notes

  • Release version: Store
  • Updated June 11, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of IBM QRadar Offense Ingestion for Security Operations release notes

    The IBM QRadar Offense Ingestion for Security Operations integration automates the ingestion of correlated security events from IBM QRadar into the ServiceNow platform. It enhances the automation of security incident creation through dynamic mapping, improving incident response efficiency for ServiceNow customers using QRadar.

    Show full answer Show less

    This integration supports both IBM QRadar on-premises and QRadar on Cloud environments by using IBM QRadar API authorized service tokens.

    Key Features and Updates

    • Offense and Incident Ingestion Enhancements: The integration reliably ingests offenses and closed incidents from QRadar into Security Incident Response (SIR), including improved handling of event data and custom offense fields for accurate mapping.
    • Performance and Reliability Improvements: Optimizations reduce latency and increase throughput in offense ingestion, ensuring faster availability of data for analysis and investigation.
    • Security Enhancements: Dictionary-level fields have been upgraded to Strict Read-Only to prevent unauthorized changes across all user interfaces, scripts, and integrations.
    • New Functionalities: Support for fetching ADE Rules from QRadar into SIR, strategies to present offense data without CMDB or identity table dependencies, and additional integration settings such as overlapping properties.
    • Bug Fixes: Resolutions for duplicate SIR creation, secure notes mapping issues, scheduling errors, profile state persistence, status code handling, and UI improvements ensure smoother operation.
    • Compatibility and Usability: Removal of dependency on the new UI, updates to AngularJS library, and fixes for date format handling in scheduling improve user experience and integration stability.

    What ServiceNow Customers Can Expect

    • Automated, accurate ingestion of IBM QRadar offenses and incident data into Security Incident Response, enabling faster and more reliable security incident creation.
    • Improved performance and reduced delays in offense data processing, supporting timely investigation and response.
    • Enhanced security controls within the integration to maintain data integrity and prevent unauthorized modifications.
    • Flexibility to operate in diverse QRadar deployment environments with updated authentication methods and reduced dependencies on external data tables.
    • Ongoing fixes and incremental improvements based on customer feedback to ensure a stable and efficient integration experience.

    Version history for the IBM QRadar Offense Ingestion for Security Operations on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.7.4 - June 2026
    • Fixed:
      • Duplicate SIR creation issue for single offense in IBM Qradar.
      • Cobalt Raven Non-Glide Query ACLs Directive.
    Version 10.7.3 - April 2026
    • Fixed:
      • SIR creation issue in case of secure notes mapping.
      • Preview Section so that Event Data is now displayed correctly.
    Version 10.7.1 - March 2026
    • New:
      • Added support to fetch ADE Rules from IBM QRadar into Security Incident Response.
      • Introduced strategies to present offense data without dependency on CMDB or identity tables in the QRadar Offense Ingestion integration with SIR.
    • Fixed:
      • Custom offense fields that were not being retrieved, preventing proper field mapping during ingestion.
      • Event information that was not being mapped correctly during QRadar profile ingestion.
      • "Fetch Sample Data" feature, which was failing.
      • Offense fields mapping to Security Incident Records
    Version 10.6.1 - February 2026
    Fixed: "Fetch Sample Data" functionality on the mapping screen for IBM QRadar SIEM Offense Ingestion.
    Version 10.6.0 - January 2026
    New: Added support for fetching closed incidents from IBM QRadar into Security Incident Response.
    Version 10.5.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.4.20 - October 2025
    Fixed:
    • Optimized the offense ingestion process to handle events efficiently. These improvements reduce latency, improve throughput, and ensure faster availability of ingested offenses for analysis and investigation.
    • Qradar ingestion not working for On-prem deployments.
    • Not able to edit existing Field translations.
    Version 10.4.19 - September 2025
    Fixed: Optimized the offense ingestion process to handle events efficiently. These improvements reduce latency, improve throughput, and ensure faster availability of ingested offenses for analysis and investigation.
    Version 10.4.14 - November 2024
    Fixed: Fixed an issue where QRadar profile gets stuck in running state when system is restarted or shut down.
    Version 10.4.13 - May 2024
    The dependency on the new UI is removed.
    Version 10.4.12 - March 2024
    Fixed the issue of same offense ID in multiple Qradar instances.
    Version 10.4.9 - November 2023
    Fixed: One-time retrieval was not working on the Scheduling page of the profile in QRadar integration when the date format was changed to DD-MM-YYYY.
    Version 10.4.7 - May 2023
    Fixed: Handle 206 status code response from QRadar in Offense Ingestion.
    Version 10.4.4 - September 2022
    • New: Added overlapping properties to integration settings.
    • Fixed: Update 'start_time' to 'first_persisted_time' to avoid missing offenses.
    Version 10.4.3 - March 2022
    • Changed: Updated AngularJS library version.
    • Fixed:
      • Updated IBM QRadar close codes in the Additional Options stage.
      • Creating Blank SIR (skipping SIR sequence) when M2M mapping is done for Observable/CIs in Profile.
    Version 10.4.2 - December 2021
    Fixed: UI changes.
    Version 10.4.1 - December 2020
    Fixed: This release contains minor accessibility fixes.
    Version 10.4.0 - November 2020
    • Changed:
      • Modified the QRadar rule selection logic to fetch all the offenses generated by SYSTEM, OVERRIDE, and USER rules that are active.
      • Performance improvements.
    • Fixed: Minor bugs.
    Version 10.3.1 - June 2020
    Fixed: Minor bug fixes and improvements.
    Version 10.1.0 - May 2020
    Changed: Authentication method changed to IBM QRadar API authorized service token to support both QRadar on-premises and QRadar on Cloud.
    Version 10.0.2 - March 2020
    IBM QRadar is a market-leading solution for collecting, correlating, and reporting on security event information. This integration will be used to automate ingestion of correlated events from IBM QRadar and improve the ability to automate creation of security incidents in the ServiceNow platform through dynamic mapping.