Determine Observables activity

The Determine Observables workflow activity determines which observable to include in the workflow

The Determine Observables activity can be used with any workflow to determine which observables to include in the workflow.

Results

Possible results for this activity are:

Table 1. Results
Result Description
Success Found observables
Failure No observables found. More error information is available in the activity output error.

Input variables

Input variables determine the initial behavior of the activity.

Variable Description
task_sys_id Task identifier (maps security incident to observables).
observables IP addresses, hash, URLs, domain names.

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables
Variable Description
observables Filtered observables