Security Incident Response Orchestration flows and actions

Release version: Washingtondc
Updated August 1, 2024
1 minute to read

Several flows and actions are included with Security Incident Response Orchestration.

Create Lookup Request for IoC Changes Flow
The Security Incident Response - Create Lookup Request for IoC Changes flow is triggered by a business rule to run automatically when an IoC is added or changed. Malware scans are triggered only when new data is entered and only the new data is scanned.

Security Incident Response - Get Network Statistics Flow
The Security Incident Response > Get Network Statistics flow retrieves the network statistics for an affected Windows-based resource when added to a security incident in the Analysis state.

Security Operations System Command Integration - Get Running Processes flow
The Security Operations System Command Integration - Get Running Processes flow retrieves the running processes of a configuration item when added or updated to a Windows or Unix-based security incident in the Analysis state.

Security Incident Response - Get Running Services Flow
The Security Incident Response - Get Running Services Flow retrieves a list of running services from Windows-based, ServiceNow, configuration items (CIs). This flow is used for incident enrichment during investigations.

Create Enrichment Data records Flow Action
The Create enrichment data records flow action creates or updates enrichment records to use in the flow.

Run procdump flow
The Run procdump flow runs a process dump on a specified process and saves it to a file that can be targeted by security analysts.

Security Incident - Evaluate response task outcome workflow
Security Incident - Evaluate Response task outcome workflow determines the task to use, invokes a chosen workflow and evaluation script based on the outcome evaluator record provided as input to the chosen workflow.