Security Incident Response Orchestration workflows and activities

Several workflows and activities are included with Security Incident Response Orchestration. Only users with the sn_sec_cmn.admin role can add and edit Security Operations workflows.

Create Lookup Request for IoC Changes workflow
The Security Incident Response - Create Lookup Request for IoC Changes workflow is triggered by a business rule to run automatically when an IoC is added or changed. Malware scans are triggered only when new data is entered and only the new data is scanned.

Get Threat Email Details and Delete workflow
The Security Incident Response-Get Threat Email Details and Delete workflow returns threat email details from an Exchange Server search and lets you delete them upon approval.

Return Email Details from Exchange workflow
The Return Email Details from Exchange workflow returns details from the threat emails found on the Exchange Server.

Return Total Emails Found in Exchange workflow
The Security Incident Response Return Total Emails Found in Exchange workflow returns the total number of threat emails found on the Exchange Server.

Run procdump workflow
The Run procdump workflow runs a process dump on a specified process and saves it to a file that can be targeted by security analysts.

Search and Delete Threat Emails workflow
The Security Incident Response-Get Threat Email Details and Delete workflow returns the number of threat emails from an Exchange Server search and lets you delete them.

Security Incident - Evaluate response task outcome workflow
Security Incident - Evaluate Response task outcome workflow determines the task to use, invokes a chosen workflow and evaluation script based on the outcome evaluator record provided as input to the chosen workflow.

Security Incident Response - Get Network Statistics workflow
The Security Incident Response > Get Network Statistics workflow retrieves the network statistics for an affected Windows-based resource when added to a security incident in the Analysis state.

Security Incident Response - Get Running Services workflow
The Security Incident Response - Get Running Services workflow retrieves a list of running services from Windows-based, ServiceNow, configuration items (CIs). This workflow is used for incident enrichment during investigations.

Security Operations System Command Integration - Get Running Processes workflow
The Security Operations System Command Integration - Get Running Processes workflow retrieves the running processes of a configuration item when added or updated to a Windows or Unix-based security incident in the Analysis state.

Related Concepts
Security Incident Response workflow templates