The Security Incident Response - Create Lookup Request for IoC Changes flow is triggered by a business rule to run automatically when an IoC is added or changed. Malware scans are triggered only when new data is entered and only the new data is scanned.

About this task

If the IoC is empty, the flow does not run. Historical scans are retained and viewable in the Security Scan Requests tab and worknotes of the security incident. The existing security incidents are automatically updated.

Important:

The Security Incident Response - Create Lookup Request for IoC Changes workflow is migrated to the Flow Designer. The flow gets triggered only when the sn_ti_scanner has at least one record.

The Flow Designer actions include:

• Audit Log Enrichment
• Create IoC Lookup Request Flow Action