How to Run Responders and Review Reports for an Observable#
This topic provides step-by-step instructions for running responders on an observable and reviewing responder reports in TheHive.
Responders execute actions on cases, alerts, observables, tasks, and task logs.
Run a responder on an observable to take actions such as blocking an IP address on the firewall or a URL on the proxy.
Required permissions
Only users with the manageObservable
permission can manage observables in TheHive.
Run responders on an observable#
-
Locate the observable on which you want to run responders.
-
In the observable, select .
-
Select Responders.
-
In the Run actions on current observable drawer, select the responders you want to run.
-
Select Launch actions.
-
Select Confirm.
Review responder reports for an observable#
-
Locate the observable on which you ran responders.
-
In the observable details, move through the Responder reports section to check the status of the executed responders.