Retrieve running processes with the Get Running Processes workflow The Security Incident Response - Get Running Processes workflow retrieves the running processes of a configuration item when added to a Windows-based security incident in the Analysis state. Before you beginRole required: sn_si.analyst About this task For new security incidents, the workflow runs automatically when you submit the incident with a selected configuration item and when the state automatically changes to Analysis. If the incident remains in the Draft state, the workflow does not run. Existing security incidents automatically update when in the Analysis state and a new configuration item is added. Note: For information on using the Get Running Processes via WMI activity in workflows, see Retrieve running processes with the Get Running Processes workflow. Workflow process activities include: Run Audit Log script Get Configuration Item FQDN activity Get Running Processes via WMI Security Operations enrichment data mapping Procedure Open a security incident. Update the State to Analysis, if necessary. Add a configuration item (computer, server, or similar). Click Update. Security Incident Response Orchestration provides running process information in the Related Link > Security Incident Enrichments tab. For more information, see Security Operations enrichment data mapping. Related TasksCreate IoC Lookup Request for IoC Changes workflowRetrieve network statistics with the Get Network Statistics workflowGet Threat Email Details and Delete workflowReturn Email Details from Exchange workflowReturn Total Emails Found in Exchange workflowSearch and Delete Threat Emails workflowRelated ReferenceCreate IoC Lookup Request activity
Retrieve running processes with the Get Running Processes workflow The Security Incident Response - Get Running Processes workflow retrieves the running processes of a configuration item when added to a Windows-based security incident in the Analysis state. Before you beginRole required: sn_si.analyst About this task For new security incidents, the workflow runs automatically when you submit the incident with a selected configuration item and when the state automatically changes to Analysis. If the incident remains in the Draft state, the workflow does not run. Existing security incidents automatically update when in the Analysis state and a new configuration item is added. Note: For information on using the Get Running Processes via WMI activity in workflows, see Retrieve running processes with the Get Running Processes workflow. Workflow process activities include: Run Audit Log script Get Configuration Item FQDN activity Get Running Processes via WMI Security Operations enrichment data mapping Procedure Open a security incident. Update the State to Analysis, if necessary. Add a configuration item (computer, server, or similar). Click Update. Security Incident Response Orchestration provides running process information in the Related Link > Security Incident Enrichments tab. For more information, see Security Operations enrichment data mapping. Related TasksCreate IoC Lookup Request for IoC Changes workflowRetrieve network statistics with the Get Network Statistics workflowGet Threat Email Details and Delete workflowReturn Email Details from Exchange workflowReturn Total Emails Found in Exchange workflowSearch and Delete Threat Emails workflowRelated ReferenceCreate IoC Lookup Request activity
