Microsoft Graph Security API Alert Ingestion integration for Security Operations release notes

  • Release version: Store
  • Updated June 11, 2026
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Microsoft Graph Security API Alert Ingestion integration for Security Operations release notes

    The Microsoft Graph Security API Alert Ingestion integration for Security Operations on the ServiceNow Store enables automatic fetching of security alerts from multiple providers through a unified API. These alerts are converted into security incidents within ServiceNow, facilitating streamlined incident management and automated response actions. The integration acts as a broker connecting various Microsoft-native and partner security sources, enhancing your organization's security operations efficiency.


    Key Features and Updates

    • Alert Ingestion and Mapping: The integration automatically ingests alerts and maps MITRE ATT&CK data from Microsoft Graph Security alerts directly into Security Incident Response (SIR) fields, improving threat analysis and incident context.
    • Enhanced Security Controls: Upgrades dictionary-level read-only fields to Strict Read-Only, ensuring consistent enforcement of read-only settings across UI, scripts, and integrations to prevent unauthorized changes.
    • Improved Alert Handling: Enhancements to alert ingestion mechanisms prevent missing alerts during polling intervals and support robust error handling for HTTP failures.
    • Configuration and Usability Fixes: Resolved issues such as credential validation errors, UI inconsistencies including dark theme application, and scheduling date format handling.
    • Performance and Compatibility: Performance improvements and updates to dependent applications ensure smooth integration with the latest ServiceNow platform capabilities.
    • Key Management: Integration with the Key Management Framework plugin allows developers to securely manage cryptographic keys used for sensitive password fields.
    • API Upgrades: Upgraded to Microsoft Graph Security API V2.0, offering improved capabilities and extended support for security incident mapping.

    Practical Benefits for ServiceNow Customers

    • Streamlines ingestion of diverse security alerts into a centralized incident response system, reducing manual effort and accelerating threat response.
    • Improves data accuracy and security by enforcing strict read-only fields and supporting secure key management.
    • Enhances visibility into threats with direct mapping of MITRE ATT&CK framework data, aiding in comprehensive analysis and prioritization.
    • Ensures reliability and performance with continuous fixes addressing alert filtering, scheduling, and UI usability.
    • Maintains compatibility with evolving ServiceNow platform versions and dependent security plugins to support ongoing operational stability.

    Additional Notes

    For detailed system requirements and compatibility information, customers should refer to the Microsoft Graph Security API Alert Ingestion application listing on the ServiceNow Store website.

    Version history for the Microsoft Graph Security API Alert Ingestion integration for Security Operations on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 10.5.3 - June 2026
    Changed: Replaced the hardcoded endpoint path with system properties.
    Version 10.5.2 - March 2026
    Fixed: Reintroduced a new column to filter alerts.
    Version 10.5.1 - February 2026
    Fixed: A successful validation message was displayed during configuration tile validation despite invalid credentials.
    Version 10.5.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 10.4.13 - August 2025
    Fixed: Improved handling of Next Poll Date for the Microsoft Graph Security Alert integration on HTTP failures.
    Version 10.4.8 - May 2024
    The dependency on the new UI is removed.
    Version 10.4.7 - November 2023
    Fixed: Updated the dependent application's (Common Plugin for SecOps SIEM Integration) version to the latest version.
    Version 10.4.6 - May 2023
    • New:
      • The Microsoft Graph Security API - ServiceNow Security Incident Response integration has been upgraded to V2.0 API.
      • Provides you with the ability to map MITRE ATT&CK data in the Graph Security alert to the MITRE ATT&CK field in the security incident.
    • Fixed:
      • One-Time Retrieval is not working on the scheduling page of the profile when we change the date format to dd-MM-YYYY for the Graph Security API.
      • Microsoft Graph Security API Alert Ingestion Integration: Dark theme is not applied to all fields.
    Version 10.4.5 - September 2022
    Changed: Performance fix.
    Version 10.4.4 - June 2022
    Fixed: When a Business Rule on Observable/CI and task M2M records automatically updates the SIR fields, the SIR fields were not updated, because the SIR was not persisted at creation time using SIEM. This issue has been resolved: the SIR is now persisted in the database first, and then the M2M records are created.
    Version 10.4.2 - December 2021
    Fixed: UI fixes.
    Version 10.4.1 - October 2021
    Fixed: Added additional password-related policies.
    Version 10.4.0 - May 2021
    • Changed: When multiple alert fields are mapped to a SIR field and one of the alert field values is NULL or blank, the SIR field is not emptied; the available values are mapped instead.
    • New: The alert ingestion mechanism is improved to avoid missing alerts during polling intervals.
    Version 10.3.3 - December 2020
    Changed: With the Key Management Framework plugin, developers can manage the keys used for Password2 fields through the crypto module definition.
    Version 10.0.6 - May 2020
    • The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface to connect multiple security providers (Native to Microsoft as well as ServiceNow Partners).
    • The Microsoft Graph Security Alert Ingestion integration allows you to automatically fetch alerts from multiple security providers and convert them into security incidents and enable automated response actions.