The display name of the node within the flows.

Use the Priority field to order pending actions within an incident timeline. The priority is used to sort pending actions from highest value to lowest value. A higher priority value will show up above other pending actions in the incident timeline and, conversely, lower priority values will appear below other pending actions. The sorting applies to the view within a timeline and works across pending actions, regardless of the NL-Waiter.

If Batch Pending Actions is checked, pending actions with the same Incident ID will be batched into one pending action instead of one pending action per message received at the NL Waiter node.

Additionally, Batch On Field further ensures that batching is based on more than just the Incident ID. Batching is based on the value of the selected Batch Field. The field may be an object consisting of a hierarchy of data as well. Batch On Field mode is the recommend default configuration when dealing with Indicators of Compromise (IoCs).

Perform Batch on Field Across Incidents provides a mode of operation to process all pending actions across incidents with the same Batch Field on the same waiter node. When selected, all incidents waiting on the exact same field value will continue on with a single click irrespective of the Incident ID.

Configured Outputs defines the list of outputs. There must always be at least two outputs. If less than two outputs are defined, additional defaults are added in automatically until two outputs are defined.

• Output Label: The output label for the output. This label is also used for this path’s button when viewing on the Incident related UI pages.
• Button Color: The button color for the output on the Incident related UI pages.
• Button Icon: The button icon for the output on the Incident related UI pages.

The display name of the node within the flows.

When Group By Message ID is checked and Merge Grouped Messages is unchecked, any messages arriving at this node will be grouped by message ID and only the first message received is passed along. This is useful for onetime processing in a flow after this synchronization point. If Group By Message ID is unchecked, every arriving message object will be passed along from this node regardless of message ID (msg._msgid).

When both Group By Message ID and Merge Grouped Messages are checked, non-conflicting portions of the messages are merged together. Conflicting portions of the message are overwritten at deepest level possible. This is useful for combining information from disparate flow pathways back into a single merged message.

The number of seconds the node waits before the message is passed on, if all conditions are met.

By default, Pending Actions (NL Waiter) is checked. When checked, this node will block until every pending action has had a decision made. If unchecked, this node will not use pending actions to determine if blocking should be performed.

The display name of the node within the flows.

If Batch On Field is checked, the Batch Field must be supplied. This configuration is useful when a flow pathway trusts an Indicator of Compromise (IoC) after another pathway in the flow ended up at a NL-Waiter node requiring a choice. This allows for the clearing of a single pending action request based on the batched value.

As defined by status transition rules in the system, a waiting Incident can not be closed until all pending actions are addressed. This node will clear out all the desired pending actions based on the selected Remove Mode.

• Selected NL Waiter(s): Pending actions for the Incident blocked at the designated NL-Waiter nodes on the same tab. This is a safer mode of operation.
• All Pending Actions: All pending actions for the Incident.