
Incident Responder Actions

Call a third-party service and gather data points manually or automatically using actions.

An action is an API call to a service that gathers specific data points about an indicator of compromise (IOC) in an incident; for example, an action can look up the reputation of an IP address artifact. Each action is a Python script that you can edit, or you can create your own. You run actions manually, or automatically using a playbook. Some actions are available out of the box; to run others, you integrate Incident Responder with a service.
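The following sketch shows the shape of such a script for the IP reputation case. It is an added example, not Incident Responder's own action code or its action interface. The function names, the endpoint URL, and the response fields (`score`, `categories`) are assumptions.

```python
import ipaddress
import json
from urllib import request

# Hypothetical endpoint (assumption); use the URL of the service you configured.
SERVICE_URL = "https://reputation.example.invalid/v1/ip/{ip}"


def http_get_json(url, timeout=10):
    """Default transport: GET the URL and decode a JSON body."""
    with request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def ip_reputation_action(artifact, fetch=http_get_json):
    """Gather reputation data points for one IP address artifact."""
    result = {"artifact": artifact, "status": "error",
              "score": None, "categories": []}
    try:
        ip = ipaddress.ip_address(artifact.strip())
    except ValueError:
        result["reason"] = "not an IP address"
        return result
    # Internal or reserved addresses mean nothing to an external service,
    # and sending them discloses internal addressing to a third party.
    if not ip.is_global:
        result.update(status="skipped", reason="non-public address")
        return result
    try:
        body = fetch(SERVICE_URL.format(ip=ip))
        # Keep only the fields a playbook step would branch on.
        score = int(body.get("score", 0))
        categories = sorted(body.get("categories", []))
    except (OSError, ValueError, TypeError, AttributeError) as exc:
        # Network failure, timeout, bad JSON, or an unexpected response shape.
        result["reason"] = f"service call failed: {exc}"
        return result
    result.update(status="ok", score=score, categories=categories)
    return result


if __name__ == "__main__":
    # Constructed response standing in for the service, so the demo runs offline.
    def fake_fetch(url):
        return {"score": 87, "categories": ["scanner", "botnet"]}

    for sample in ("8.8.8.8", "10.0.0.5", "not-an-ip"):
        print(ip_reputation_action(sample, fetch=fake_fetch))
```

Returning a result with an explicit `status` for every input lets a playbook distinguish a clean verdict from a lookup that never ran.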