Security Operations Integration - Publish to Watchlist workflow

The Security Operations Integrations - Publish to Watchlist workflow is a high-level workflow independent of integrations. It adds observables to third-party watchlists that support the capability. Use it to fulfill an integration.

Before you begin

Role required: sn_si.analyst

About this task

This workflow is visible and runs only when an integration is available. It is triggered from the Observables or Associated Indicators tab on a security incident.