Security Operations Integration - Threat Lookup workflow
The Security Operations Integration - Threat Lookup capability workflow accesses available threat lookup implementations and executes the implementation workflows associated with each to perform threat lookups of selected observables.
Before you begin
Role required: sn_ti.write
About this task
You can start this workflow using any of the following methods:
- By selecting one or more observables from the Observables list and selecting Run threat lookup from the Actions on selected rows choice list.
- By opening an observable record and clicking the Run threat lookup related link.
- From the Observables related list in a security incident.
Each method then lets you specify which lookup implementations are used to scan the selected observables. The associated implementation workflows are executed to perform the lookups.
Activities specific to this workflow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration Flow Actions.
Workflow process activities include: