Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Publish to Watchlist activity

Log in to subscribe to topics and get notified when content changes.

Publish to Watchlist activity

The Publish to Watchlist workflow activity pushes observables in a security incident into a watchlist for generating alert or events. The alerts and events are displayed in the CrowdStrike Falcon Host system based on how it is configured.

The Publish to Watchlist activity can be used with any workflow to publish observables to a watchlist.


Possible results for this activity are:

Table 1. Results
Result Description
Success Configuration succeeded. .
Failure An error occurred while attempting to verify the configuration. More error information is available in the activity output error.

Input variables

Input variables determine the initial behavior of the activity.

Variable Description
observables The list of observables from Security Incident Response.
user_name The user name of the individual responsible for the CrowdStrike Falcon Host integration.
password The password of the individual responsible for the CrowdStrike Falcon Host integration.
task_sys_id The system identifier for this publish to watchlist job.
capabilityExecutionId The name of the associated capability.

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables
Variable Description
status The status of the publish activity.