Security workflows

Security teams use workflows for two broad patterns: automating the response to individual alerts, and running operational tasks across large sets of detection rules. This section covers both.

  • Automate security operations: Respond to alerts automatically, create and populate cases, route notifications by severity, enrich alerts with external context, and investigate with AI assistance.
  • Manage detection rules at scale: Audit rule health on a schedule, surface and alert on rule errors, report on coverage, and sync rule status to external systems.