The Threat Lookup - Have I been pwned? flow performs a lookup on selected observables. If the observables are of a type recognized by Have I been pwned?, the observables are scanned for malware, and the results are returned.

Role required: sn_si_admin

This flow is triggered by the Security Operations Integration - Threat Lookup capability when you perform a threat lookup on one or more observables, and the Have I been pwned? implementation is selected. For more information, see Perform lookups on observables.

For information on the activities used by this flow, see Common Security Operations integration flows and orchestration activities.