Security Operations Integration - Enrich Observable flow
The Security Operations Integration - Enrich Observable sub flow allows you to enrich observables with additional information from a variety of sources using implementation flow designer.
Antes de Iniciar
Role required: sn_si.analyst
Por Que e Quando Desempenhar Esta Tarefa
- by selecting one or more observables from the Observables list and selecting Run observable enrichment from the Actions on selected rows choice list.
- by opening an observable record and clicking the Run observable enrichment related link.
Either method then allows you to specify which implementations to be used to enrich the selected observables. The associated implementation flows are executed to perform the enrichment.
Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.
The flow process actions include: