Security Incident Response integration with FireEye HX release notes

  • Release version: Store
  • Updated June 11, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Incident Response integration with FireEye HX release notes

    The Security Incident Response integration with FireEye HX enables ServiceNow customers to enhance their threat investigation and remediation capabilities by integrating FireEye Endpoint Security directly into their Security Incident Response workflows. This integration allows security analysts to proactively inspect, analyze, and contain threats on endpoints without switching between platforms, streamlining incident management and response.

    Show full answer Show less

    Key Features

    • Endpoint Threat Management: Perform network containment and remediation actions directly on infected endpoints.
    • Host Profiling and Queries: Gather detailed host information and execute specific queries or actions on endpoints to support investigations.
    • Automation Enhancements: Migration of workflows to Flow Designer flows improves automation efficiency within the Security Incident Response module.
    • Security Improvements: Introduction of strict read-only fields prevents unauthorized changes, ensuring consistent enforcement across UIs, scripts, and integrations.
    • Access and Token Handling: Fixes to token parsing and keep-alive header handling improve integration stability, especially for FireEye cloud instances.
    • Data Parsing Accuracy: Enhanced parsing for network statistics, running services, processes, and logged-on users ensures accurate association with Security Incident Response data.
    • Table Maintenance: Implementation of Table Cleaner rules helps manage high-impact tables to optimize performance.
    • User Interface Support: Compatibility fixes for Analyst Workspace enhance user experience.

    Key Outcomes

    • Improved security and data integrity through strict read-only controls and security fixes.
    • Increased operational efficiency via automation updates and workflow migration to Flow Designer.
    • Enhanced reliability and accuracy of endpoint data integration supporting faster and more accurate incident investigations.
    • Seamless endpoint containment and remediation capabilities reduce time to respond and mitigate threats.
    • Better support for cloud-based FireEye deployments ensures robust token management and connection stability.

    Version history for the Security Incident Response integration with FireEye HX on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 1.1.1 - June 2026
    New: Introduced Query range ACL's in FireEye HX.
    Version 1.1.0 - December 2025
    New: Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes.This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
    Version 1.0.14 - November 2024
    New: Migration of Workflows to Flow Designer flows for Security Incident Response integration with FireEye Sighting Search, by enhancing the automation capabilities and process efficiency.
    Version 1.0.13 - March 2024

    Fixed: Implemented parsing of fixed results from FireEye HX for "Get Network Statistics," "Get Running Services," "Get Running Processes," and "Get Logged On Users" capabilities. The data is now correctly associated with the Security Incident Response module.

    Version 1.0.11 - August 2023
    Fixed: Access Token action parsing script in the Keep-Alive Header of the cloud instance.
    Version 1.0.10 - May 2023
    New: Implement Table Cleaner rules for high impact/churn ServiceNow-owned tables from Security Incident Response for Security Incident Response integration with FireEye HX.
    Version 1.0.8 - February 2023
    • Fixed:
      • Clean up of worknotes.
      • FireEye business rule was deleting any other tiles available for running additional endpoints capability.
      • Action Flatten Response giving null pointer exception.
      • Support for Analyst workspace.
    Version 1.0.7 - November 2022
    • Changed: Utah Mandate: Update snc-app-parent version to 5.0.0.77
    • Fixed:
      • ServiceNow and FireEye Integration: When the Keep-Alive header is not present Get Token action fails for the FireEye cloud instance.
      • Improve the logging for FireEye HX Integration.
    Version 1.0.6 - May 2022
    Fixed: This release includes security fixes.
    Version 1.0.4 - December 2021
    Fixed: This release includes security fixes.
    Version 1.0.3 - October 2021
    Fixed: Added additional password-related policies
    Version 1.0.1 - August 2021
    • New:
      • With FireEye Endpoint Security (HX series), organizations can proactively inspect, analyze, and contain known and unknown threats on any endpoint.
      • The Gold Standard Security Incident Response integration with FireEye HX, makes it easier and efficient for Security Analysts to investigate and remediate security incidents in an instant without having to navigate between tools. You can use network containment to perform remediation actions on the endpoints, implement profiles to gather specific details about the host, and perform specific queries or actions on the endpoint.