A type of custom alert action that conforms to the common action model. In Splunk Enterprise Security, you can trigger Adaptive Response actions from correlation searches or on an ad hoc basis when examining a notable event on Incident Review. You can create a custom Adaptive Response action with the Splunk Add-on Builder or by leveraging the
cim_actions.py library available in the Common Information Model Add-on.
In Administer Splunk Enterprise Security:
On the Splunk Developer Portal:
In the Splunk Add-on Builder User Guide:
In the Common Information Model Add-on Manual: