v9.0
Note: These workflows are provided as basic skeleton templates and are designed to be fully customizable to suit your specific needs. Customization of a workflow will be required to align it with your exact requirements, and any adjustments made to the workflow will be the responsibility of the user.
Utility – Close Stale Cases
Automatically closes cases that have not been updated in the last 30 days, helping to reduce clutter and ensure your case list remains relevant and actionable.
Utility – Daily Missing Template Report
This customizable workflow generates a report of cases missing a required template. It can be tailored to reflect the customer’s internal compliance or documentation requirements.
Utility – Delete Observable Relation
This workflow allows users to delete an existing relationship between two observables. It’s useful for maintaining data accuracy when relationships become outdated or incorrect.
Utility – Find Similar Cases Based on Observables
Given a case ID, this workflow analyzes shared observables and returns a list of similar cases in JSON format. Each result includes a similarity percentage, making it easier to identify related incidents.

Utility – List Alert Observable Relations
Retrieves and lists all observable relationships associated with a selected alert, offering quick visibility into connected entities and supporting investigation workflows.
Utility – List Observable Alert Relations
Displays all alerts related to a specific observable, helping analysts quickly trace the context and scope of an observable across different alerts.
Utility – Set or Update Observable Relations
This on-demand workflow creates or updates the relationship between a specific observable and an alert using a defined relation type. It ensures that only one relation exists per observable per alert, updating the observable_relations field on the alert record accordingly. Use this to maintain accurate and up-to-date links between observables and alerts in your system.

Utility – Update Enrichment
Takes a single observable ID as input and re-enriches it with the latest available data, ensuring that key observables are always current.
