Create Enrichment Data records Flow Action
-
- UpdatedAug 1, 2024
- 1 minute read
- Vancouver
- Security Operations
The Create enrichment data records flow action creates or updates enrichment records to use in the flow.
The Create Enrichment Data records flow action can be used with any flow to update enrichment records in the flow.
Results
Possible results for this flow action are:
| Result | Description |
|---|---|
| Success | Enrichment record updated. |
| Failure | Enrichment record not updated. More error information is available in the flow action output error. |
Input variables
Input variables determine the initial behavior of the flow action.
Output variables
The output variables contain data that can be used in subsequent activities.
| Variable | Description |
|---|---|
| result | GlideRecords created using the enrichmentUtils script. |
On this page
Related Content
- Create Lookup Request for IoC Changes Flow
The Security Incident Response - Create Lookup Request for IoC Changes flow is triggered by a business rule to run automatically when an IoC is added or changed. Malware scans are triggered only when new data is entered and only the new data is scanned.
- Security Incident Response- Get Network Statistics Flow
The Security Incident Response Get Network Statistics flow retrieves the network statistics for an affected Windows-based resource when added to a security incident in the Analysis state.
- Security Incident Response - Get Running Services Flow
The Security Incident Response - Get Running Services Flow retrieves a list of running services from Windows-based, ServiceNow, configuration items (CIs). This flow is used for incident enrichment during investigations.
- Run procdump workflow
The Run procdump workflow runs a process dump on a specified process and saves it to a file that can be targeted by security analysts.
- Security Incident - Evaluate response task outcome workflow
Security Incident - Evaluate Response task outcome workflow determines the task to use, invokes a chosen workflow and evaluation script based on the outcome evaluator record provided as input to the chosen workflow.