Manage on-demand orchestration
During Security Incident Response analysis, a security analyst may want to perform a task that is driven by a security incident workflow, for example, running a process dump on a particular configuration item (CI). This can be accomplished with on-demand orchestration.
Each registered Security Operations application includes several on-demand orchestrations in the base system. You can define custom on-demand orchestrations, as needed.
On-demand orchestration can be invoked from a choice list at the bottom of the following lists and forms in Security Incident Response:
- Security Incident form
- Security Incident list
- Security Incident Observables related list
- Configuration Items related list
Note:
- A property in Security Support Common called sn_sec_cmn.use_on_demand_tbl_as_allowed defines which workflows are available for on-demand execution.
- If the property is set to true, only workflows specified in the On Demand Orchestration [sn_sec_cmn_on_demand_orchestration] table are available.
- If the property is set to false (default), all workflows for applications configured in the SecOps Application Registry are available.
- Depending on the setting of the property, the list of workflows available is tailored to the type of information being analyzed.
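
To check which mode an instance is actually in, the following server-side script reads the property and enumerates the On Demand Orchestration table. It is an added example, not ServiceNow's own code: the function name `auditOnDemandOrchestration` and the report fields are hypothetical, it relies only on the standard `gs.getProperty` and `GlideRecord` calls, and it assumes nothing about the table's column names.

```javascript
// Added example: report whether on-demand orchestration is limited to the table.
// gs and GlideRecord are ServiceNow server-side globals; they are passed in as
// parameters so the same logic can be exercised with stubs outside the platform.
var PROP = 'sn_sec_cmn.use_on_demand_tbl_as_allowed';
var TABLE = 'sn_sec_cmn_on_demand_orchestration';

function auditOnDemandOrchestration(gsApi, GlideRecordCtor) {
  // System properties are returned as strings; the documented default is false.
  var raw = String(gsApi.getProperty(PROP, 'false')).toLowerCase();
  var restricted = raw === 'true';
  var report = {
    property: PROP,
    value: raw,
    mode: restricted ? 'table-only' : 'all-registered-workflows',
    tableEntries: [],
    findings: []
  };

  var gr = new GlideRecordCtor(TABLE);
  if (!gr.isValid()) {
    report.findings.push('Table ' + TABLE + ' not found or not readable from this scope');
    return report;
  }
  gr.query();
  while (gr.next()) {
    // Display value only: the table's column names are not given on this page.
    report.tableEntries.push({ sys_id: gr.getUniqueValue(), display: gr.getDisplayValue() });
  }

  if (restricted && report.tableEntries.length === 0) {
    report.findings.push('Property is true but the table is empty: no workflows are listed for on-demand use');
  }
  if (!restricted) {
    report.findings.push('Property is false: all workflows for registered applications are available, ' +
      'regardless of the ' + report.tableEntries.length + ' table entries');
  }
  return report;
}

// Inside ServiceNow (for example a background script) the globals exist; elsewhere this is skipped.
if (typeof gs !== 'undefined' && typeof GlideRecord !== 'undefined') {
  gs.info(JSON.stringify(auditOnDemandOrchestration(gs, GlideRecord)));
}
```

Run it with a role that can read both the property and the table, and review the listed entries whenever the mode is `table-only`.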