Now Assist for Security Incident Response release notes

Release version: Store

Updated October 16, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Now Assist for Security Incident Response Release Notes

The release notes for the Now Assist for Security Incident Response application detail updates and enhancements aimed at improving the efficiency and effectiveness of security incident management. The latest version, 4.0.0, was released on October 16, 2025, and includes performance optimizations and fixes.

Show full answer Show less

Key Features

Version 4.0.0: Updated dependencies for performance; fixed refresh issues for recommended actions.
Version 3.5.0: Introduced a new workflow for generating shift handover reports and added access control lists (ACLs) for skills and agents.
Version 3.3.0: Enhanced support for various AI models and stabilized the Resolve Security Incident Workflow.
Version 3.2.2: Launched workflows to help analysts resolve incidents and assess SOC quality metrics, including key performance indicators.
Version 3.0.1: Enabled analysis of security operations metrics with actionable insights for optimization.
Version 2.0.3: Offered a use case for closing incidents directly from the Now Assist panel, including false positive handling.
Version 2.0.1: Empowered security operations teams with generative AI capabilities.

Key Outcomes

These updates facilitate improved incident resolution, performance tracking, and operational insights, enabling customers to enhance the efficiency of their security operations. By leveraging these features, ServiceNow customers can expect streamlined workflows, better analytics, and optimized incident management processes. This ultimately leads to quicker resolutions and improved overall security posture within their organizations.

Version history for the Now Assist for Security Incident Response application on the ServiceNow Store.

Important:

For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

Version history

Version 4.0.0 - October 2025

Changed: Updated the dependent applications "Now Assist for Platform" versions to 9.2.2v (performance optimizations).
Fixed:
- Recommended actions refresh is not removing old entries.
- Remove the Generate Insights button from the Related Records tab.

Version 3.5.0 - September 2025

New: Added a new agentic workflow, "Generate Shift Handover Report for a Security Incident".
Changed: Added ACLs for all the existing skills and agents.

Version 3.3.0 - August 2025

New: Support for both skills and agents with all 4 models (Azure Open AI, Now LLM, Google Gemini, Amazon Bedrock).
Fixed: Stabilized the Resolve Security Incident Workflow.

Version 3.2.2 - June 2025

New:
- Security Incident Resolving: This agentic workflow helps security analysts resolve security incidents by leveraging existing runbooks and historical security incidents. By analyzing similar past cases, it generates a clear and effective plan to resolve ongoing security incidents.
- SOC Efficiency Analyzing: This agentic workflow helps SOC managers assess the quality of security incidents and track the key performance metrics, providing insights to explain and improve SOC operations.
  - Generate Key Metrics for Security Incident Response (SIR): Track case volume, Mean Time to Assign (MTTA), and Mean Time to Resolve (MTTR) over a customizable date range.
  - Metrics Analysis and Insights: Receive actionable insights into how to optimize MTTR, MTTA, and case volume, along with recommendations for improvement based on the data.
Changed:
- Recommended Actions:
  - Enhanced to incorporate a feedback option on the overall recommendation provided, enabling continuous improvement of future recommendations.
  - Additionally, the top (N) number of recommendation cards are displayed based on the configuration settings.

Version 3.0.1 - May 2025

New:
- Analyze security operations metrics
  - The Analyze security operations metrics agentic workflow empowers security managers to evaluate their team's performance.
    - Generate Key Metrics for Security Incident Response (SIR): Track case volume, Mean Time to Assign (MTTA), and Mean Time to Resolve (MTTR) over a customizable date range.
    - Metrics Analysis and Insights: Receive actionable insights into how to optimize MTTR, MTTA, and case volume, along with recommendations for improvement based on the data.
- The Resolve security incident agentic workflow can help your SOC teams resolve security incidents.
  - SOC analysts and managers can chat with an AI agent in the Now Assist panel to help them resolve security incidents.
Changed:
- Enhancements to correlation insights
- - You can generate and view results for correlation insights in the Security Incident Response Workspace.
  - Correlation insights are not limited to the primary configuration item (CI) or affected users associated with a security incident. You can base your correlation insights on any CI or affected user for a security incident.
  - You can generate correlation insights from the Investigation tab for a security incident in any state in the Security Incident Response Workspace.
  - You can generate insights for multiple items simultaneously for Associated Observables, Configuration items, and Affected Users.
  - Results are displayed in a modeless dialog that you can size and move.

Version 2.0.3 - March 2025

New:
- The "Close Security Incident" use case assists analysts in closing a security incident from the "Now Assist panel" by generating the Post Incident Analysis, Closure notes, and close code, while overriding all mandatory task closures and assessments.
- Additionally, it supports closing a security incident as a false positive, which skips the generation of Post Incident Analysis, Closure notes, and close code, and directly closes the incident by marking it as False Positive.

Version 2.0.1 - February 2025

Empower your SOC team with Generative AI capabilities for Security Incident Response.