Security Operations Integration - Enrich Observable workflow The Security Operations Integration - Enrich Observable workflow allows you to enrich observables with additional information from a variety of sources using implementation workflows. About this taskThis workflow can be triggered from either Security Incident Response or Threat Intelligence in two ways: by selecting one or more observables from the Observables list and selecting Run observable enrichment from the Actions on selected rows choice list. by opening an observable record and clicking the Run observable enrichment related link. Either method then allows you to specify which implementations to be used to enrich the selected observables. The associated implementation workflows are executed to perform the enrichment. Workflow process activities include: Execution Tracking - Begin activityThe Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables. Get Supported Security Capabilities activityThe Get Supported Capabilities workflow activity retrieves the name and number of integrations that are active and support the requested capability. Capability Execution Tracking - No Impls activityThe Capability Execution Tracking - No Impls workflow activity creates an error record when no integration capability implementation is found. Capability Execution Tracking - Complete activityThe Capability Execution Tracking - Complete workflow activity updates the audit record when the workflow is complete.