Adaptive responses are actions that can be performed in response to notable events or other security incidents. They can be triggered by correlation searches and by users on the Incident Review dashboard.

Correlation searches are scheduled searches that run periodically to detect patterns of interest in the data and generate notable events or other actions when the search conditions are met. Users can configure correlation searches to trigger adaptive responses automatically when a notable event is created.

Users can also run adaptive responses manually from the Incident Review dashboard, which displays the notable events and their details. Users can select one or more notable events and choose an adaptive response action from the menu. Adaptive responses can help users gather information, modify the environment, or take other actions to investigate and respond to security incidents.

References:
Adaptive Response Framework overview
Run Adaptive Response actions from the Incident Review dashboard