Security Operations Integration - Sightings Search Flow

  • Release version: Australia
  • Updated March 12, 2026
  • Security Operations Integration - Sightings Search flow is a high-level flow independent of integrations. It uses the configured queries to search for a set of observables based on the configured integrations which support the capability. Use it to fulfill an integration such as Splunk or Elasticsearch.

    Before you begin

    Role required: sn_si.analyst

    About this task

    If a security incident has an observable attached to it, this flow is triggered when you click on Run Sighting Search in the Actions on selected rows... drop-down menu in the Security Incident Observables tab.

    Figure 1. Sightings Search
    Flow design for Security Operations Integration - Sightings Search

    Activities specific to this flow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.