Activate a Security Incident Response flow

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Security administrators and flow designers can use the Security Incident Response flows to automate the process of resolving security incidents in the organization.

    Before you begin

    Role required: sn_si.admin, action_designer, and flow_designer

    About this task

    The flows provided with the base system are in an inactive state. Activate these flows before you use them.

    Procedure

    1. Download and install the Security Operations Spoke application.
      This Spoke application provides security operations actions that you can use while defining Security Incident Response flows.
    2. Navigate to Flow Designer > Designer and search for the Security Operations Spoke application to view the Security Incident related flows.
      Security Incident Management SpokesNotice that the flows have a published status and are inactive.
    3. For example, if you want to activate the Automated Malware Playbook flow, select the Security Incident - Automated Phishing Playbook - Template V1 link to view the flow.
      Automated Phishing Playbook Template
      Note:
      You cannot edit the flows provided with the base system as they are read-only flows. You can use these flows as they are or make a copy and modify them as required.
    4. Select Activate to activate the flow.

    Result

    The Automated Phishing Playbook flow is active and ready to use.