Security Operations CrowdStrike Falcon Host - Publish to Watchlist Flow
The Security Operations CrowdStrike Falcon Host - Publish to Watchlist flow designer is used to specify the watchlist for generating alert or events. The alerts and events are displayed in the CrowdStrike Falcon Host system based on how it is configured.
Publish to Watchlist Flow
This flow designer is triggered by the Security Operations Integration- Publish to Watchlist capability when you select one or more observables associated with a security incident, and use the Publish to Watchlist UI action to push the observables to a watchlist. The observables can
then be used to generate additional alerts. For more information, see Publish observables to a third-party watchlist.