During Security Incident Response
analysis, a security analyst may want to perform a task that is driven by a security incident
workflow. For example, run a process dump on a particular CI. This can be accomplished with
Each registered Security Operations application includes several on-demand orchestrations in
the base system. You can define custom
on-demand orchestrations, as needed.
On-demand orchestration can be invoked from a choice list at the bottom of the following lists
and forms in Security Incident Response
- Security Incident form
- Security Incident list
- Security Incident Observables related list
- Configuration Items related list
A property in Security Support Common called
sn_sec_cmn.use_on_demand_tbl_as_whitelist defines which workflows are
available for on-demand execution.
If the property is set to true, only workflows specified in the On
Demand Orchestration [sn_sec_cmn_on_demand_orchestration] table are available.
If the property is set to false (default), all workflows for
applications configured in the SecOps
Application Registry are available.
Depending on the setting of the property, the list of workflows available is tailored to the
type of information being analyzed.