Security Incident Response- Get Network Statistics flow

Release version: Zurich

Updated July 31, 2025

1 minute to read

The Security Incident Response > Get Network Statistics flow retrieves the network statistics for an affected Windows-based resource when added to a security incident in the Analysis state.

Before you begin

Role required: sn_si.analyst

About this task

For new security incidents that contain configuration items, the flow runs automatically when the state changes to Analysis.

Existing security incidents are automatically updated when you are in the Analysis state and you add a new configuration item.

Get Network Statistics flow — Figure 1. Get Network Statistics

The flow process actions include:

Get Configuration Item FQDN Flow Action
Determine Shell Script by OS
If statement is executed by Powershell
Execution Tracking - Begin Flow Action
Get Network Statistics via netstat Flow Action
Capability Execution Tracking- Failure Flow Action
Create Enrichment Data records Flow Action
Capability Execution Tracking- Failure Flow Action - Returns enrichment ID.
Capability Execution Tracking - Complete Flow Action

Procedure

Open a security incident.
Update the State to Analysis, if necessary.
Add a configuration item (computer, server, or similar).
Click Update.
Security Incident Response Orchestration provides network statistics information in the Related Links > Security Incident Enrichments tab. For more information see, Security Operations enrichment data mapping.
Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.