Security Incident Response Orchestration flows and actions

Release version: Xanadu
Updated August 1, 2024

Several flows and actions are included with Security Incident Response Orchestration.

Create Lookup Request for IoC Changes Flow
The Security Incident Response - Create Lookup Request for IoC Changes flow is triggered by a business rule to run automatically when an IoC is added or changed. Malware scans are triggered only when new data is entered, and only the new data is scanned.

Security Incident Response - Get Network Statistics Flow
The Security Incident Response > Get Network Statistics flow retrieves the network statistics for an affected Windows-based resource when added to a security incident in the Analysis state.

Security Incident Response - Get Running Services Flow
The Security Incident Response - Get Running Services Flow retrieves a list of running services from Windows-based ServiceNow configuration items (CIs). This flow is used for incident enrichment during investigations.

Run procdump flow
The Run procdump flow runs a process dump on a specified process and saves it to a file that can be targeted by security analysts.

Security Incident - Evaluate response task outcome workflow
The Security Incident - Evaluate Response task outcome workflow determines the task to use, then invokes a chosen workflow and evaluation script based on the outcome evaluator record provided as input to the chosen workflow.