Security Operations Integration - CI Enrichment flow
The Security Operations Integration - CI Enrichment flow allows you to enrich data in configuration items (CI) associated with a security incident.
Before you begin
Role required: sn_si.analyst
About this task
- by selecting one or more CIs from the Configuration Items tab (under the Affected Items related link) and selecting Run CI enrichment from the Actions on selected rows choice list.
- by opening a CI record and clicking the Run CI enrichment related link.
Either method then allows you to specify which implementations to be used to enrich the selected CIs. The associated implementation flows are executed to perform the enrichment.
Note:
The base system does not include an
implementation flow for this capability. To enrich CIs, you must create your own implementation flow.
Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration Flow Actions.