Security Operations orchestration activities Many activities are included with Security Operations for use in workflows. Create Enrichment Data records activityThis workflow activity stores workflow output data in a table. Create Scan Record for Vulnerabilities activityRun vulnerability scans for single or multiple vulnerable items using the Create Scan Record for Vulnerabilities workflow activity included in the base system. When the input is passed to the activity, it creates a scan record.Get Configuration Item FQDN activityThe Security Common Orchestration > Get Configuration Item FQDN workflow activity retrieves the fully qualified domain name (FQDN) of a configuration item. This activity can accelerate the investigation and remediation process.Get Email Details from Exchange Server activityThe Get Email Details from Exchange Server activity searches for email in message tracking report on an Exchange Server and retrieves their details.Get IP from CI activityThis workflow activity determines the IPV4 address associated with a configuration item (CI).Get Network Statistics via netstat activityThe Security Common Orchestration - Get Network Statistics via netstat, workflow activity retrieves the network statistics for an affected resource on a Windows-based system. This activity can accelerate the investigation and remediation process.Get running processes via WMI activityThe Get Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process.Search/Delete Threat Email in Exchange activityThe Search/Delete Threat Email in Exchange activity scans all mailboxes in an Exchange Server to search or delete threat emails using a search query. This activity retrieves the total number of emails found. Update Task Worknotes activityThe Security Common Orchestration - Update Task Worknotes workflow activity updates the Activity section (work notes) of a task record. This is useful for logging information.Roll up lookup info to security incident activityThe Roll up lookup info to security incident activity can be used with any workflow to gather information from a threat lookup and output a summary of the contents as well as the ID of the originating security incident in task work notes.Write content to record as attachment activityThis activity writes the content passed in from an input and creates a designated attachment to a given record. Related ConceptsSecurity Operations orchestration workflows
Security Operations orchestration activities Many activities are included with Security Operations for use in workflows. Create Enrichment Data records activityThis workflow activity stores workflow output data in a table. Create Scan Record for Vulnerabilities activityRun vulnerability scans for single or multiple vulnerable items using the Create Scan Record for Vulnerabilities workflow activity included in the base system. When the input is passed to the activity, it creates a scan record.Get Configuration Item FQDN activityThe Security Common Orchestration > Get Configuration Item FQDN workflow activity retrieves the fully qualified domain name (FQDN) of a configuration item. This activity can accelerate the investigation and remediation process.Get Email Details from Exchange Server activityThe Get Email Details from Exchange Server activity searches for email in message tracking report on an Exchange Server and retrieves their details.Get IP from CI activityThis workflow activity determines the IPV4 address associated with a configuration item (CI).Get Network Statistics via netstat activityThe Security Common Orchestration - Get Network Statistics via netstat, workflow activity retrieves the network statistics for an affected resource on a Windows-based system. This activity can accelerate the investigation and remediation process.Get running processes via WMI activityThe Get Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process.Search/Delete Threat Email in Exchange activityThe Search/Delete Threat Email in Exchange activity scans all mailboxes in an Exchange Server to search or delete threat emails using a search query. This activity retrieves the total number of emails found. Update Task Worknotes activityThe Security Common Orchestration - Update Task Worknotes workflow activity updates the Activity section (work notes) of a task record. This is useful for logging information.Roll up lookup info to security incident activityThe Roll up lookup info to security incident activity can be used with any workflow to gather information from a threat lookup and output a summary of the contents as well as the ID of the originating security incident in task work notes.Write content to record as attachment activityThis activity writes the content passed in from an input and creates a designated attachment to a given record. Related ConceptsSecurity Operations orchestration workflows
