Enhance the efficiency of your security operations by executing several processes at once. For instance, when investigating an incident, you'll want to enrich indicators using multiple vendors at the same time.
Running Steps in Parallel
Drag a step and drop it over another step to create a parallel branch. A branch can consist of a single step or an entire logic pattern (set of steps).
The parallel branches are executed concurrently during the workflow run.
The execution of all parallel branches has to be completed for the workflow to continue.
Example: Enrich a Suspicious IP address
Example: Enrich a Suspicious IP address
Instead of sending indicators to a single threat intel vendor at a time, you can run parallel enrichments.
Running steps concurrently will reduce total execution time, which will vary depending on whatever the "slowest" branch is.
Create Parallel Branches
Drag a step and drop it on the step you want to run in parallel. You can create as many branches as needed.
Getting Information as It Comes
In this example, a Slack message that summarizes the information received from a vendor is sent immediately after the vendor data is returned. You will get Slack messages as the information from the vendors becomes available, in an unknown order.
Using the Information Gathered
The steps following the parallel branches will be executed only after all branches finish executing.
All subsequent steps in the workflow can access the output from the parallel branches.
In this example, the Exit step provides a summary of the information received from all threat intel vendors.
Things to Remember
Things to Remember
When a step executed in a parallel branch fails, the workflow will fail. If you want to ignore the failure of a step, go to the step Execution Options > Ignore failure and set it to Yes.
You can't use a break operator when a loop contains parallel branches. The Break operator should only be used in the same branch as the loop it's being used for.