Security Operations - McAfee ESM Sightings Search workflow Security Operations - McAfee ESM Sightings Search workflow is the implementation for the Splunk integration launched by the Security Operations Integration - Sightings Search workflow. Before you beginRole required: sn_si_analyst About this task Workflow process activities include: Execution Tracking - Begin activity Collect McAfee Configurations activity Capability Execution Tracking - Failure activity McAfee ESM Event Query activity Checks to see if the MID Server is running. Persist Observable Sightings activity - returns search results in an array. Capability Execution Tracking - Complete activity Execution Tracking - Begin activityThe Execution Tracking - Begin workflow activity starts the auditing process for a Security Operations Integration workflow that operates on observables. Collect McAfee Configurations activityThe Collect McAfee Configurations workflow activity gathers configuration information to use in the workflow.McAfee ESM Event Query activityThe McAfee ESM Event Query workflow activity searches the McAfee ESM event logs for malicious indicators.Persist Observable Sightings activityThe Persistent Observable Sightings workflow activity retrieves observables from the third-party integration.