Security Operations Integration - Publish to Watchlist Flow

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • The Security Operations Integrations - Publish to Watchlist flow is a high-level flow independent of integrations. It adds observables to third-party watchlist that support the capability. Use it to fulfill an integration.

    Avant de commencer

    Role required: sn_si.analyst

    Pourquoi et quand exécuter cette tâche

    This flow is visible and runs only when an integration is available. It is triggered from the Observables or Associated Indicators tab on a security incident.

    Figure 1. Publish to Watchlist
    Security Operations Integration - Publish to Watchlist capability flow

    Activities specific to this flow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.