Security Operations Integration - Threat Lookup Flow

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • The Security Operations Integration - Threat Lookup capability flow accesses available threat lookup implementations and executes the implementation flows associated with each to perform threat lookups of selected observables.

    Avant de commencer

    Role required: sn_ti.write

    Pourquoi et quand exécuter cette tâche

    This flow can be triggered in these ways.
    • by selecting one or more observables from the Observables list and selecting Run threat lookup from the Actions on selected rows choice list.
    • by opening an observable record and clicking the Run threat lookup related link.
    • From the Observables related list in a security incident.

    Each method then allows you to specify which lookup implementations to be used to scan the selected observables. The associated implementation flows are executed to perform the lookups.

    Figure 1. Threat Lookup
    Security Operations Integration - Threat Lookup

    Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.

    The flow process actions include: