Run Enrichment Actions within a case

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Use this section to understand how enrichment actions are performed on case(s).

    Before you begin

    Role required: sn_sec_tisc.admin

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Threat Analyst Workbench icon.
    3. Go to Case Management > All Cases.
      All the cases are displayed.
    4. Select any case or case task.
    5. Go to the Artifacts tab.
    6. Select the Observables related list.
    7. Select one or more Observables.
    8. Click any enrichment action in the dropdown list.
    9. Select the available implementation(s).
    10. Click Submit.
      For example, Run Threat Lookup. The selected enrichment action is executed, and an information message states that observable enrichment execution has started on the selected observable(s). Results are available on the detail page of the respective observable(s) once the execution is complete.
      Note:
      Once the execution is initiated or completed, a work note is posted to the activity stream of the form view.
      Enrichment actions