Threat Lookup - CrowdStrike Falcon Intelligence workflow
The Threat Lookup - CrowdStrike Falcon Intelligence workflow performs a lookup on selected observables. If the observables are of a type recognized by CrowdStrike Falcon Intelligence, they are scanned for malware and the results are returned.
Before you begin
Role required: admin
About this task
This workflow is triggered by the Security Operations Integration - Threat Lookup capability when you publish one or more observables to a watchlist with the CrowdStrike Falcon Intelligence implementation selected. After the observables are published, the watchlists can be viewed in the CrowdStrike Falcon Host software.
For information on the activities used by this workflow, see Common integration workflow activities.