Security Incident Response AI agent collection: Close security incident agentic workflow
The Close security incident agentic workflow enables security analysts to close a security incident.
Close security incident agentic workflow overview
Use the Close security incident agentic workflow to cancel the associated response tasks and to generate resolution notes, close notes, a close code, and a post-incident analysis (PIA) during security incident closure. You can also provide feedback and adjust the generated content in natural language from the Now Assist panel.
If you want to modify this agentic workflow, you can duplicate it, adjust the settings to suit your specific needs, and activate the duplicated version of the agentic workflow instead.
Agent used in Close security incident agentic workflow
The Security incident wrap-up generator expert is used in the Close security incident agentic workflow.
Tools mapped to Close security incident agentic workflow
| Tool type | Execution mode | Name | Description |
|---|---|---|---|
| Scripts | Autonomous | Fetches security incident details | Tool to fetch the security incident details from the security incident number. |
| Scripts | Autonomous | Gets close code values | Tool to get available close code values for the security incident. |
| Scripts | Autonomous | Closes the security incident as false positive | Tool used when the incident is being closed as false positive. |
| Scripts | Autonomous | Updates the security incident | Tool to update a field of the security incident. |
| Subflow | Autonomous | Generates close notes | Tool to generate closure notes for the security incident. |
| Subflow | Autonomous | Generates post-incident analysis | Tool to generate the post-incident analysis for the security incident. |
Triggers for the Close security incident agentic workflow
There are no triggers for this agentic workflow. If required, you can add a trigger to invoke the agentic workflow automatically.