Security Operations - Arcsight Logger Sightings Search workflow Security Operations - ArcSight Logger Sightings Search workflow is the implementation for the Splunk integration launched by the Security Operations Integration - Sightings Search workflow. Before you beginRole required: sn_si_analyst About this task Workflow process activities include: Execution Tracking - Begin (Observables) activity Collect ArcSight Configurations activity Capability Execution Tracking - Failure activity ArcSight Event Query activity Checks to see if the MID Server is running or not. ArcSight Event Query activity Persist Observable Sightings activity - returns search results in an array. Capability Execution Tracking - Complete activity Execution Tracking - Begin (Observables) activityThe Execution Tracking - Begin (Observables) workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables. Collect ArcSight Configurations activityThe Collect ArcSight Configurations workflow activity gathers configuration information to use in the workflow. ArcSight Event Query activityThe ArcSight Event Query workflow activity searches the ArcSight event logs for malicious indicators.Persist Observable Sightings activityThe Persistent Observable Sightings workflow activity retrieves observables from the third-party integration.