Threat Lookup - CrowdStrike Falcon Intelligence workflow The Threat Lookup - CrowdStrike Falcon Intelligence workflow performs a lookup on selected observables. If the observables are of a type recognized by CrowdStrike Falcon Intelligence, the observables are scanned for malware, and the results are returned. About this task This workflow is triggered by the Security Operations Integration - Threat Lookup capability when you publish one or more observables to a watchlist, and the CrowdStrike Falcon Intelligence implementation is selected. After they are published, the watchlists can be viewed in the CrowdStrike Falcon Host software. For more information, see Workflow process activities include: Execution Tracking - Begin activityThe Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables. Capability Execution Tracking - Complete activityThe Capability Execution Tracking - Complete workflow activity updates the audit record when the workflow is complete.Capability Execution Tracking - Failure activityThe Capability Execution Tracking - Failure workflow activity records a failure to the audit record.