Run Enrichment Actions within a case

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Use this section to understand how enrichments actions are performed on case(s).

    Before you begin

    Role required: sn_sec_tisc.admin

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click Threat Analyst Workbench icon.
    3. Go to Case Management > All Cases.
      All the cases are displayed.
    4. Select any case or case task.
    5. Go to Artifacts tab.
    6. Select the Observables related list.
    7. Select one ore more Observables.
    8. Click any Enrichment actions from the dropdown list.
    9. Select the available implementation(s).
    10. Click Submit.
      For example, Run Threat Lookup. The selected enrichment action will be executed and an information message is displayed that Observable enrichment execution has started on the selected observable(s). Results will be available in the detail page of respective observable(s) once the execution is complete.
      Note:
      Once the execution initiated or completed, a work notes is posted on the activity stream of the form view.
      Enrichment actions