Security Incident Response - Get Network Statistics workflow

The Security Incident Response > Get Network Statistics workflow retrieves the network statistics for an affected Windows-based resource when added to a security incident in the Analysis state.

Before you begin

Role required: sn_si.analyst

About this task

For new security incidents, the workflow runs automatically when you submit the incident with a selected configuration item, when the state automatically changes to Analysis. If it remains in the Draft state, then does not run.

Existing security incidents are automatically updated when you are in the Analysis state and you add a new configuration item.

Procedure

  1. Open a security incident.
  2. Update the State to Analysis, if necessary.
  3. Add a configuration item (computer, server, or similar).
  4. Click Update.
    Security Incident Response Orchestration provides network statistics information in the Related Links > Security Incident Enrichments tab. For more information see, Security Operations enrichment data mapping.