The Threat Lookups capability performs threat intelligence lookups to determine whether one or more observables are associated with known security threats.

The Threat Lookups capability has a flow, Security Operations Integration - Threat Lookup Flow. When the capability flow runs, it executes additional flows for the activated implementations. You can specify an implementation to use to perform a lookup on the selected observables, or you can perform the lookup using all implementations.