Run adaptive response actions in Splunk Enterprise Security
Run adaptive response actions at triage time from findings or investigations listed on the Mission Control page in Splunk Enterprise Security.
Run adaptive response actions in Splunk Enterprise Security
Follow these steps to run adaptive response actions from findings and investigations:
- In Splunk Enterprise Security, select the Mission Control page and go to the analyst queue.
- Select the finding or investigation from which you want to run one or more adaptive response actions.
- In the View details page for the finding or investigation, select the ... to open the drop-down and then select Run adaptive response actions.
- In the Select actions to run, select Add new response action to open the drop-down and display a list of recommended actions. For example, Stream capture, which is an available adaptive response action in Splunk Enterprise Security. Alternatively, you can also select a custom adaptive response action such as ESCU-context that you might have created to gather more context on the finding or investigation. You can also use the search filter to identify the appropriate adaptive response action for the finding or investigation.
- Select the adaptive response action and then select Run to run the adaptive response action.
See also
For more information on adaptive response actions, see the product documentation:
- Troubleshoot for adaptive response actions not displaying in the Troubleshoot Splunk Enterprise Security manual
- Configure adaptive response actions for detections in Splunk Enterprise Security
- Configure adaptive response action relays in Splunk Enterprise Security
Configure adaptive response action relays in Splunk Enterprise Security | Use detection versioning in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1
Feedback submitted, thanks!