Security Operations Integration - Sightings Search Flow
Security Operations Integration - Sightings Search flow is a high-level flow that is independent of any particular integration. It uses the configured queries to search for a set of observables across the configured integrations that support the sightings search capability. Use it to fulfill the capability through an integration such as Splunk or Elasticsearch.
Before you begin
Role required: sn_si.analyst
About this task
If a security incident has an observable attached to it, this flow is triggered when you click Run Sighting Search in the Actions on selected rows... drop-down menu on the Security Incident Observables tab.
Activities specific to this flow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.