Security Operations Integration - Enrich CI capability
The Enrich CI capability allows you to enrich data for configuration items associated with a security incident.
The Enrich CI capability has a flow, Security Operations Integration - CI Enrichment flow. When the capability flow runs, it executes additional flows for the activated implementations. You can specify an implementation to use to perform enrichment on the selected CIs, or you can perform the enrichment using all implementations.
Note:
This enriched data is forensic data that is specific to a given investigation (for example, the result of performing a memdump from a CI), so it is not the type of data you would want to store in your CMDB. Instead, the data is stored in the Configuration Item Enrichment [sn_sec_cmn_ci_enrichment_result] table.
Note:
If no implementations are available, capability actions are not displayed in product menus.