Sightings Search - Determine Observables activity
- UpdatedJan 30, 2025
- 1 minute read
- Yokohama
- Security Operations Integration Reference
Sightings Search - Determine Observables activity
The Sightings Search - Determine Observables workflow activity determines which observables to include in the workflow.
The Sightings Search - Determine Observables activity can be used with any workflow to determine which observables to include in the workflow.
Results
Possible results for this activity are:
| Result | Description |
|---|---|
| Success | Found observables |
| Failure | No observables found. More error information is available in the activity output error. |
Input variables
Input variables determine the initial behavior of the activity.
| Variable | Description |
|---|---|
| task_sys_id | Task identifier (maps security incident to observables). |
| observables | IP addresses, hash, URLs, domain names. |
| workflow_current_sys_id | System identifier of the current record. (Used only if
task_sys_id, observable inputs are not available. |
Output variables
The output variables contain data that can be used in subsequent activities.
| Variable | Description |
|---|---|
| observables | Filtered observables |