Security Incident - Evaluate response task outcome workflow

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • The Security Incident - Evaluate Response task outcome workflow determines the task to use, then invokes a chosen workflow and evaluation script based on the outcome evaluator record provided as input to the chosen workflow.

    Before you begin

    Role required: sn_si.write

    About this task

    This workflow is intended to run at the same time as the create task activity to be evaluated. The evaluation script queries the artifacts of the configured capability (such as sightings search records or running processes), using context information from the response task (such as its parent security incident), to determine the appropriate outcome for the response task. The outcome could potentially be workflow-activity dependent, but is generally yes or no. When creating an outcome evaluator record, only capabilities that have a configured workflow, with the Is task based capability box checked and a task input variable set, are available to select.

    Workflow process activities include:
    • Run script to determine response task
    • Should Run Workflow
    • Parallel Flow Launcher Launch Capability Workflow
    • Create Evaluation Event
    Figure 1. Evaluate response task outcome
    Security Incident Evaluate Response Outcome workflow diagram