Security Operations - Elasticsearch Sightings Search workflow

Security Operations - Elasticsearch Sightings Search workflow is the Elasticsearch implementation launched by the Security Operations Integration - Sightings Search workflow.

Before you begin

Role required: sn_si.analyst

About this task

Workflow process activities include:

- Execution Tracking - Begin activity
- Collect Elasticsearch Configurations activity
- Checks to see if the MID Server is running or not.
- Capability Execution Tracking - Failure activity
- Elasticsearch Event QueryActivity activity
- Persist Observable Sightings activity - returns search results in an array.
- Capability Execution Tracking - Complete activity

Execution Tracking - Begin activity

The Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables.

Collect Elasticsearch Configurations activity

The Collect Elasticsearch Configurations workflow activity gathers configuration information to use in the workflow.

Elasticsearch Event QueryActivity activity

The Elasticsearch Event Query workflow activity searches the Elasticsearch event logs for malicious indicators.

Persist Observable Sightings activity

The Persistent Observable Sightings workflow activity retrieves observables from the third-party integration.