Trigger a FireEye capability profile from Related Links

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 1분

    • Trigger a capability profile manually after reviewing a security incident from related links.

    시작하기 전에

    Role required: sn_si.admin or sn_si.analyst

    프로시저

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident that you want to review.
    3. Click Run EDR Profile(s)in the related links section.
      Run EDR Profile
    4. Browse and select a profile from the list of available profiles and click Submit.
      EDR Profiles
      Run EDR Profile
    5. The selected profile is triggered manually.
    6. Review the work notes and activities section.
    7. View the tags and check the related lists for the data.
      주:
      In addition to running the profile for the CI or the Alternate CI of the security incident, you could also run the profile for CI values present in the Configuration Item Related list by checking the Include Related CI on the dialog box. This will fetch data for the CI values present in the related list as well. Alternatively, you could run the profile just for the CI values present in the related list.