Submit to CSF X Sandbox

Watch

Save as PDF

Share this page

Feedback

Security Operations

HomeYokohama Security ManagementSecurity OperationsEnterprise security case management applicationsSecurity Incident ResponseSecurity Incident Response WorkspaceUsing SIR WorkspaceActivity DefinitionsSubmit to CSF X Sandbox

Table of Contents

Submit to CSF X Sandbox

Release version:
Yokohama
Xanadu
Washington DC
Vancouver
UpdatedJan 30, 2025
2 minutes to read

Yokohama
Security Incident Response

Submit to CSF X Sandbox is an example of an activity definition process.

Basic

The basic details captures the name (label), application, description, Table, and from which all applications it is accessible from.

Add the Automation plan, Activity experience and submit. Once submitted, edit the document to add more details against each tab.

Automation Plan

The Automation Plan associates the backend action/subflow built using the flow designer. This example uses Submit to Sandbox - ESCM Activitysub-flow.

Activity Definition - Submit to CSF Sandbox

This sub-flow enables submitting the malicious observables to sandbox. It has all the input fields and output fields defined.

Security incident is the input field.

Activity Experience

In this example, Record type is selected.

Associated Record

Associated record is to store the associated data pertaining to the current activity. This would capture the run time data, as well the status of the experience.

Associated table: Flow Data
Associated Record: VL
Experience status table: Flow Data
Experience Status record: VL

Details

Tag Line: Send Email
Icon: Envelope outline
Title: Activity > Activity Instance > Label. Here we have selected the activity instance’s label. This dot walking will replace the label value as the title dynamically at run time.
Description: VL (Sub-flow output is mapped)
Pending State Title: blank
Pending State Description: blank
Record Fields
Footer

Form

Form View: blank
Form Fields: blank

Attachments

In this example:

Attachment Source - None
Attachment Read only - Unchecked

Attachment Source - This is a drop down. What attachments to show on the card: those attached to the Parent Record, the Associated Record, or none.
Attachment Read only - This is a True / False. Prevent the user from renaming or deleting the existing attachments.

Features

In this example,

Show SLA - Unchecked
Show Checklist - Unchecked
Is Automated - Unchecked

Playbook Actions in Activity Definition

This section has the actions that will be rendered on the activity card.

This example has Skip, View Sandbox Results, Submit to Sandbox, and Restart actions.

To add a new action to the activity card, you need to create a new record in the Playbook Actions related list present at the bottom of the page.

Playbook override

No Playbook overrides for this example.

Yokohama Security Management

Filters

Versions

Products