Run adaptive response actions in Splunk Enterprise Security

Run adaptive response actions at triage time from findings or investigations listed on the Mission Control page in Splunk Enterprise Security.

Follow these steps to run adaptive response actions from findings and investigations:

  1. In Splunk Enterprise Security, select the Mission Control page and go to the analyst queue.
  2. Select the finding or investigation from which you want to run one or more adaptive response actions.
  3. In the View details page for the finding or investigation, select the ... menu to open the drop-down, and then select Run adaptive response actions.
  4. In the Select actions to run panel, select Add new response action to open the drop-down and display a list of recommended actions. For example, Stream capture is an adaptive response action that is available in Splunk Enterprise Security. Alternatively, you can select a custom adaptive response action, such as ESCU-context, that you might have created to gather more context on the finding or investigation. You can also use the search filter to find the appropriate adaptive response action for the finding or investigation.
  5. Select the adaptive response action, and then select Run.


See also

For more information on adaptive response actions, see the product documentation:

Last modified on 04 December, 2024
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1
