Verify CrowdStrike Falcon Insight profile trigger conditions

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Test the profile and verify that the trigger condition filters that you have configured work as expected.

    Before you begin

    Role required: sn_si.admin

    About this task

    Activate the profile that is based on the configured trigger conditions you specified so that you can view the query results in the ServiceNow AI Platform security incidents.

    Procedure

    1. Navigate to All > Security Incidents > Show All Incidents.
    2. Select New to create a security incident.
    3. To create a security incident, fill in the required information and select Save.
    4. Review the work notes and activities section to view the profile-initiated and profile-completed tags.Reviewing work notes for automation activity.
    5. Review the details in the CrowdStrike Falcon Insight Details related lists such as Get File, Host Details, Logged on Users, Running Processes, Running Services, Network Statistics, and so on.