Security Operations Integration - Threat Lookup Flow

  • Release version: Australia
  • Updated: March 12, 2026
  • Reading time: 1 minute
  • The Security Operations Integration - Threat Lookup capability flow accesses available threat lookup implementations and executes the implementation flows associated with each to perform threat lookups of selected observables.

    Before you begin

    Role required: sn_ti.write

    About this task

    This flow can be triggered in these ways:
    • By selecting one or more observables from the Observables list and selecting Run threat lookup from the Actions on selected rows choice list.
    • By opening an observable record and clicking the Run threat lookup related link.
    • From the Observables related list in a security incident.

    Each method then lets you specify which lookup implementations are used to scan the selected observables. The associated implementation flows are executed to perform the lookups.

    Figure 1. Threat Lookup
    Security Operations Integration - Threat Lookup

    Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.