Roll up lookup info to security incident activity

The Roll up lookup info to security incident activity can be used with any workflow to gather information from a threat lookup and output a summary of the contents as well as the ID of the originating security incident in task work notes.


Possible results for this activity are:

Table 1. Results
Result Description
Success Lookup report summary rolled up to security incident.
Failure Originating task and lookup summary report are empty.
Table 2. Input variables
Variable Description
scanID[string] Lookup identifier.

Output variables

The output variables contain data that can be used in subsequent activities.

Table 3. Output variables
Variable Description
siId[string] Security incident identifier.
response [string] Summary of lookup results including: IoC value, Result, Failure reason, lookup reference, and so on.