Security Operations Integration - Enrich Observable workflow

The Security Operations Integration - Enrich Observable workflow allows you to enrich observables with additional information from a variety of sources using implementation workflows.

About this task

This workflow can be triggered from either Security Incident Response or Threat Intelligence in two ways:
  • by selecting one or more observables from the Observables list and selecting Run observable enrichment from the Actions on selected rows choice list.
  • by opening an observable record and clicking the Run observable enrichment related link.

Either method then allows you to specify which implementations to be used to enrich the selected observables. The associated implementation workflows are executed to perform the enrichment.

Security Operations Integration - Enrich Observable workflow

Workflow process activities include: