Threat Lookup - Have I been pwned? workflow The Threat Lookup - Have I been pwned? workflow performs a lookup on selected observables. If the observables are of a type recognized by Have I been pwned?, the observables are scanned for malware, and the results are returned. About this task This workflow is triggered by the Security Operations Integration - Threat Lookup capability when you perform a threat lookup on one or more observables, and the Have I been pwned? implementation is selected. For more information, see Perform lookups on observables. Workflow process activities include: Execution Tracking - Begin activityThe Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables. Capability Execution Tracking - Complete activityThe Capability Execution Tracking - Complete workflow activity updates the audit record when the workflow is complete.Capability Execution Tracking - Failure activityThe Capability Execution Tracking - Failure workflow activity records a failure to the audit record.