Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Security Operations CrowdStrike Falcon Host - Publish to Watchlist workflow

Security Operations CrowdStrike Falcon Host - Publish to Watchlist workflow

The Security Operations CrowdStrike Falcon Host - Publish to Watchlist workflow is used to specify the watchlist for generating alert or events. The alerts and events are displayed in the CrowdStrike Falcon Host system based on how it is configured.

Before you begin

Role required: n_si.analyst

About this task

This workflow is triggered by the Security Operations Integration - Publish to Watchlist capability when you select one or more observables associated with a security incident, and use the Publish to Watchlist UI action to push the observables to a watchlist. The observables can then be used to generate additional alerts. For more information, see Publish observables to a third-party watchlist.

Security Operations CrowdStrike Falcon Host - Publish to Watchlist workflow

Workflow process activities include: