Security Operations System Command Integration - Get Running Processes flow

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute read
  • The Security Operations System Command Integration - Get Running Processes flow retrieves the running processes of a configuration item when it is added to or updated on a Windows or Unix-based security incident in the Analysis state.

    Before you begin

    Role required: sn_si.analyst

    About this task

    For new security incidents, the flow runs automatically when you submit the incident with a selected configuration item and the state automatically changes to Analysis. If the incident remains in the Draft state, the flow does not run.

    Existing security incidents are automatically updated when the incident is in the Analysis state and you add a new configuration item.

    Figure 1. Get Running Processes

    Procedure

    1. Open a security incident.
    2. Update the State to Analysis, if necessary.
    3. Add a configuration item (computer, server, or similar).
    4. Click Update.
      Security Incident Response Orchestration provides running process information in the Related Link > Security Incident Enrichments tab. For more information, see Security Operations enrichment data mapping.

      Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.