During Security Incident Response analysis, a security analyst may want to perform a task that is driven by a security incident workflow, for example, running a process dump on a particular CI. This can be accomplished with

Each registered Security Operations application includes several on-demand orchestrations in the base system. You can define custom on-demand orchestrations, as needed.

On-demand orchestration can be invoked from a choice list at the bottom of the following lists and forms in Security Incident Response:
- Security Incident form
- Security Incident list
- Security Incident Observables related list
- Configuration Items related list

A property in Security Support Common called defines which workflows are available for on-demand execution.

If the property is set to true, only workflows specified in the On-Demand Orchestration [sn_sec_cmn_on_demand_orchestration] table are available.

If the property is set to false (default), all workflows for applications configured in the SecOps Application Registry are

Depending on the setting of the property, the list of workflows available is tailored to the type of information being analyzed.