Run Responders and Review Reports for an Observable

manageObservable

Cortex responders execute actions on cases, alerts, observables, tasks, and task logs.

Run responders on an observable in TheHive to execute automated actions such as blocking an IP address on the firewall or a URL on the proxy.

Only responders that match the observables' type, as well as their TLP (traffic light protocol) and PAP (permissible actions protocol) levels, are available.

Run responders on an observable

5.7 Bulk run

To run responders on multiple observables, go to the Observables tab in a case or alert and select next to each observable you want to include. Then select above the list.

1. Locate the observable on which you want to run responders.

2. In the observable, select .

   

3. Select Responders.

4. In the Run actions on current observable drawer, select the responders you want to run.

5. Select Launch actions.

6. Select Confirm.

Review responder reports for an observable

1. Locate the observable on which you ran responders.

2. In the observable details, move through the Responder reports section to check the status of the executed responders.

   

Next steps

• Add an Observable
• Delete an Observable
• Update the Status of an Observable
• Edit Multiple Observables
• Pin an Observable
• Export Data from Observables
• Run Analyzers and Review Reports for an Observable
• Import Observables from Analyzer Reports
• Exclude an Observable from Similarity Checks