adaptive response action

adaptive response action


A type of custom alert action that conforms to the common action model. In Splunk Enterprise Security, you can trigger Adaptive Response actions from correlation searches or on an ad hoc basis when examining a notable event on Incident Review. You can create a custom Adaptive Response action with the Splunk Add-on Builder or by leveraging the library available in the Common Information Model Add-on.

For more information

In Administer Splunk Enterprise Security:

On the Splunk Developer Portal:

In the Splunk Add-on Builder User Guide:

In the Common Information Model Add-on Manual: