Security Operations Integration - Threat Lookup workflow

The Security Operations Integration - Threat Lookup capability workflow accesses available threat lookup implementations and executes the implementation workflows associated with each to perform threat lookups of selected observables.

Before you begin

Role required: sn_ti.write

About this task

This workflow can be triggered in these ways:

- By selecting one or more observables from the Observables list and selecting Run threat lookup from the Actions on selected rows choice list.
- By opening an observable record and clicking the Run threat lookup related link.
- From the Observables related list in a security incident.

Each method then allows you to specify which lookup implementations are used to scan the selected observables. The associated implementation workflows are executed to perform the lookups.

Workflow process activities include:

Execution Tracking - Begin activity
The Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables.

Get Supported Security Capabilities activity
The Get Supported Capabilities workflow activity retrieves the name and number of integrations that are active and support the requested capability.

Capability Execution Tracking - No Impls activity
The Capability Execution Tracking - No Impls workflow activity creates an error record when no integration capability implementation is found.

Capability Execution Tracking - Complete activity
The Capability Execution Tracking - Complete workflow activity updates the audit record when the workflow is complete.