Security Operations - Isolate Host workflow The Security Operations - Isolate Host workflow is a high-level workflow independent of integrations. It uses the configured queries to search for a set of configuration items. Use it to fulfill an integration, such as Carbon Black. Before you beginRole required: sn_si.analyst About this task This workflow is triggered from the Configuration Items tab on a security incident related list. Workflow process activities include: Capability - Determine CIs activity Execution Tracking - Begin (CIs) activity Get Supported Security Capabilities activity Parallel Flow Launcher - launch the appropriate workflow. Store the results in an array. Capability Execution Tracking - No Impls activity Execution tracking complete Capability - Determine CIs activityThe Capability - Determine CIs workflow activity determines which configuration items (CIs) to include in the workflow. Execution Tracking - Begin activityThe Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables. Get Supported Security Capabilities activityThe Get Supported Capabilities workflow activity retrieves the name and number of integrations that are active and support the requested capability. Capability Execution Tracking - Complete activityThe Capability Execution Tracking - Complete workflow activity updates the audit record when the workflow is complete.