LogRhythm integration release notes
Summary of LogRhythm integration release notes
The LogRhythm integration for ServiceNow Security Operations has undergone multiple updates to enhance security, usability, and functionality. These release notes detail version changes from 2018 to 2026, focusing on fixes, new features, and improvements that help customers efficiently ingest, map, and manage security alarms and incidents from LogRhythm SIEM within ServiceNow.
Key Features and Enhancements
- Security and Access Control Improvements: Starting with version 11.2.1, dictionary-level fields were upgraded to Strict Read-Only, and the integration's admin role was replaced with a more restrictive sn_si.admin role to enforce least-privilege access.
- Alarm and Incident Mapping: Enhanced field mapping capabilities including drag-and-drop mapping, support for multi-valued fields from multiple raw base events, and fixes to correct mapping issues for configuration items and observables.
- Data Ingestion and Workflow: Support for both historical and ongoing alarm ingestion on configurable intervals, with migration from REST to SOAP APIs and workflows transitioned to Flow Designer for better automation and control.
- User Interface Updates: Minor UI improvements to profile mapping pages, addition of search functions in alarm field mappings, and related lists on security incident forms to view raw base events.
- Error Handling and Logging: Enhanced exception handling for API errors, improved logging during event ingestion, and system property fixes to control incident creation limits and scheduled script execution.
- Alarm Management: Automated alarm closure upon incident resolution, introduction of alarm-by-ID API, and removal of alarm rule selection from profile setup for streamlined configuration.
Key Outcomes for ServiceNow Customers
- Improved security posture by enforcing strict read-only access and refined admin roles within the integration, helping prevent unauthorized changes.
- More reliable and accurate incident generation from LogRhythm alarms due to fixes in field mappings and access permissions.
- Greater flexibility in alarm profile management, including creating multiple profiles for different threat types like phishing and malware.
- Simplified configuration and validation processes with UI enhancements and preview capabilities for incident layouts.
- Enhanced operational efficiency through automated alarm lifecycle management and improved workflows leveraging ServiceNow Flow Designer.
- Better visibility into raw event data related to alarms, facilitating deeper investigation and response within the ServiceNow platform.
Version history for the Security Operations LogRhythm integration on the ServiceNow Store.
Important: For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.
Version history
- Version 11.2.3 - June 2026
  - Fixed: Access issues for Security Analyst while querying tables.
- Version 11.2.2 - May 2026
  - Fixed:
    - SIRs were not created from SIEM ingestion due to a "Secure Notes" access issue with the Crypto module since the Yokohama upgrade.
    - Access issues for Security Analyst on querying tables.
- Version 11.2.1 - December 2025
  - New:
    - Upgraded all dictionary-level read-only fields to Strict Read-Only to improve security and prevent unauthorized changes. This ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    - Replaced all occurrences of the admin role within the integration logic with the more restrictive sn_si.admin role to ensure proper access control and adherence to least-privilege principles.
  - Fixed:
    - System property "Max Security Incident can be created in a day" not working.
    - Scheduled script "LogRhythm Data Cleanup" not executing.
- Version 11.1.10 - April 2025
  - Fixed:
    - CMDB_CI mapping failed for the "Configuration Item" field on LogRhythm.
    - SIR was not created when configuring a CI under the mapping screen.
- Version 11.1.9 - November 2024
  - Changed: Migrated default workflows to flows using Flow Designer.
- Version 11.1.8 - April 2024
  - Fixed: Misconfiguration of table/field ACLs is corrected.
- Version 11.1.5 - November 2023
  - Changed: Minor UI updates to render the profile mapping page.
- Version 11.1.4 - May 2023
  - Fixed: One-Time Retrieval did not work on the scheduling page of the LogRhythm profile when the date format was changed to DD-MM-YYYY.
- Version 11.1.2 - September 2022
  - Fixed:
    - Error while checking and unchecking the Since date checkbox.
    - DeDup changes and Invalidate cache cleanup.
    - If no data is generated within seven days for any rule, a Warning/Error message should be thrown saying 'No data found', as no alarms were generated recently other than Heartbeat missed.
    - Tooltip for the Pull alarm button says 'This gets sample offense data from IBM Qradar server,' which needs to change to 'This gets sample alarms from Logrhythm.'
    - Improved the logging for LogRhythm Event Ingestion.
- Version 11.1.1 - May 2022
  - New: Migration of APIs from REST to SOAP.
  - Changed:
    - Updated the integration tile and introduced alarm By ID API in Profile and Scheduled Job.
    - Removal of alarm rule selection from profile setup.
    - An additional options section has been introduced in the profile.
- Version 11.0.9 - November 2021
  - Fixed: Added additional password-related policies.
- Version 11.0.8 - August 2021
  - Fixed: Resolved an issue with the mapping of alarm fields to SIR reference fields while creating security incidents from alarms.
- Version 11.0.7 - February 2021
  - Fixed: The LogRhythm date fields [YY-MM-DDTHH:MM:SS] now map correctly in the ServiceNow AI Platform using the Glide DateTime format.
- Version 11.0.6 - December 2020
  - New:
    - Added Related List on the Security Incident Form containing all raw base events related to the LogRhythm Alarm.
    - Mapping section of the Alarm Profile includes a search function to easily find Alarm Fields by name.
    - Added a navigation link to the LogRhythm Drilldown Event module to view the list of all raw base events.
    - Support for multi-valued field mappings of Configuration Item and Observable when multiple raw base events related to the LogRhythm Alarm contain different values for these mapped fields.
  - Fixed: MID Server routing is maintained based on configured selection(s) even in failure scenarios.
- Version 5.0.4 - July 2019
  - New: Recertified for New York.
  - Fixed: Improved exception handling when the LogRhythm API returns an error code.
- Version 5.0.3 - November 2018
  - Flexibility to create multiple alarm profiles such as phishing and malware
  - Drag-and-drop mapping of LogRhythm alarm field values to associated SIR security incident fields
  - A preview of the SIR security incident layout based on sample alarms to validate configuration set-up
  - Ingest historical alarms as well as ongoing, future alarms on configurable intervals
  - Automated alarm close out upon incident closure, which includes a SIR security incident ID and URL for easy linking