The Logic Gate • Room 2

Adaptive Response Actions

**Adaptive Response Actions** allow ES to automatically take action when a Correlation Search triggers, or allow an analyst to take action manually from the Incident Review dashboard.

Common actions include: emailing the SOC, sending the event to a SOAR platform, pinging a host, or actively blocking an IP address on a firewall.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

How do Adaptive Response actions work?

Adaptive Response actions can be triggered ______ by a correlation search, or executed ______ by an analyst from the Incident Review dashboard.