Security Operations Integration - Publish to Watchlist Flow

  • Release version: Yokohama
  • Updated January 30, 2025

    The Security Operations Integrations - Publish to Watchlist flow is a high-level flow that is independent of any specific integration. It adds observables to third-party watchlists that support the capability. Use it to fulfill an integration.

    Before you begin

    Role required: sn_si.analyst

    About this task

    This flow is visible and runs only when an integration is available. It is triggered from the Observables or Associated Indicators tab on a security incident.

    Figure 1. Publish to Watchlist
    Security Operations Integration - Publish to Watchlist capability flow

    Activities specific to this flow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.