Security Operations Integration - Enrich Observable capability

The Enrich Observable capability allows you to enrich observables with additional information from a variety of sources using implementation workflows. This capability is used during incident response investigations to contain an identified threat.

The Enrich Observable capability has a workflow, Security Operations Integration - Enrich Observable workflow. When the capability workflow runs, it executes additional workflows for the activated implementations. You can specify an implementation to use to perform enrichment on the selected observables, or you can perform the enrichment using all implementations that match the supported observable types.

Note: If no implementations are available, capability actions are not displayed in product menus.