Threat Lookup - CrowdStrike Falcon Intelligence workflow

The Threat Lookup - CrowdStrike Falcon Intelligence workflow performs a lookup on selected observables. If the observables are of a type recognized by CrowdStrike Falcon Intelligence, the observables are scanned for malware, and the results are returned.

About this task

This workflow is triggered by the Security Operations Integration - Threat Lookup capability when you publish one or more observables to a watchlist, and the CrowdStrike Falcon Intelligence implementation is selected. After they are published, the watchlists can be viewed in the CrowdStrike Falcon Host software. For more information, see

Threat Lookup - CrowdStrike Falcon Intelligence workflow

Workflow process activities include: