Security Operations Integration - Sightings Search workflow

The Security Operations Integration - Sightings Search workflow is a high-level workflow that is independent of any specific integration. It uses the configured queries to search for a set of observables in the configured integrations that support the capability. Use it with an integration such as Splunk or Elasticsearch.

Before you begin

Role required: sn_si.analyst

About this task

If a security incident has an observable attached to it, this workflow is triggered when you click on Run Sighting Search in the Actions on selected rows... drop-down menu in the Security Incident Observables tab.

Activities specific to this workflow are described here. For more information on other activities, see Common integration workflow activities.