Security Operations Integration - Threat Lookup Flow
The Security Operations Integration - Threat Lookup capability flow accesses available threat lookup implementations and executes the implementation flows associated with each to perform threat lookups of selected observables.
Before you begin
Role required: sn_ti.write
About this task
- by selecting one or more observables from the Observables list and selecting Run threat lookup from the Actions on selected rows choice list.
- by opening an observable record and clicking the Run threat lookup related link.
- From the Observables related list in a security incident.
Each method then allows you to specify which lookup implementations to be used to scan the selected observables. The associated implementation flows are executed to perform the lookups.
Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.
The flow process actions include: