Security Operations System Command Integration- Get Running Processes flow

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The Security Operations System Command Integration - Get Running Processes flow retrieves the running processes of a configuration item when added or updated to a Windows or Unix-based security incident in the Analysis state.

    Before you begin

    Role required: sn_si.analyst

    About this task

    For new security incidents, the flow runs automatically when you submit the incident with a selected configuration item, when the state automatically changes to Analysis. If it remains in the Draft state, then it does not run.

    Existing security incidents are automatically updated when you are in the Analysis state and you add a new configuration item.

    The flow process actions include:
    Figure 1. Get Running Processes
    Security Operations System Command Integration- Get Running Processes flow

    Procedure

    1. Open a security incident.
    2. Update the State to Analysis, if necessary.
    3. Add a configuration item (computer, server, or similar).
    4. Click Update.
      Security Incident Response Orchestration provides running process information in the Related Link > Security Incident Enrichmentstab. For more information, see Security Operations enrichment data mapping.

      Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.