Skip to main content
v9.0
Both workflows are available as On-Demand workflows, but they can also be Scheduled to fully automate the recovery process.

Recovery- Enrich Non-enriched Observables

This Workflow enriches observables that have not been enriched before. It does not re-enrich observables that are already enriched.

Recovery- Handle Unprocessed Alerts

This workflow attempts to reprocess alerts that were not fully processed, such as those affected by missing or incorrect templates. It is intended to be used as a recovery step if alert processing fails or after a missing or broken template has been added.
I