Security Operations Integration - Threat Lookup Flow

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • The Security Operations Integration - Threat Lookup capability flow accesses available threat lookup implementations and executes the implementation flows associated with each to perform threat lookups of selected observables.

    Antes de Iniciar

    Role required: sn_ti.write

    Por Que e Quando Desempenhar Esta Tarefa

    This flow can be triggered in these ways.
    • by selecting one or more observables from the Observables list and selecting Run threat lookup from the Actions on selected rows choice list.
    • by opening an observable record and clicking the Run threat lookup related link.
    • From the Observables related list in a security incident.

    Each method then allows you to specify which lookup implementations to be used to scan the selected observables. The associated implementation flows are executed to perform the lookups.

    Figura 1. Threat Lookup
    Security Operations Integration - Threat Lookup

    Actions specific to this flow are described here. For more information on other actions, see Common Security Operations integration flows and orchestration activities.

    The flow process actions include: