Security Operations Integration - Publish to Watchlist Flow

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 1 Minute Lesedauer

    • The Security Operations Integrations - Publish to Watchlist flow is a high-level flow independent of integrations. It adds observables to third-party watchlist that support the capability. Use it to fulfill an integration.

    Vorbereitungen

    Role required: sn_si.analyst

    Warum und wann dieser Vorgang ausgeführt wird

    This flow is visible and runs only when an integration is available. It is triggered from the Observables or Associated Indicators tab on a security incident.

    Abbildung : 1. Publish to Watchlist
    Security Operations Integration - Publish to Watchlist capability flow

    Activities specific to this flow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.