The Threat Lookups capability performs threat intelligence lookups to determine whether one or more observables are associated with known security threats.

The Threat Lookups capability has a workflow, Security Operations Integration - Threat Lookup Flow. When the capability workflow runs, it executes additional workflows for the activated implementations. You can specify an implementation to use to perform a lookup on the selected observables, or you can perform the lookup using all implementations.