How to Run Responders and Review Reports for an Observable

This topic provides step-by-step instructions for running responders on an observable and reviewing responder reports in TheHive.

Responders execute actions on cases, alerts, observables, tasks, and task logs.

Run a responder on an observable to take actions such as blocking an IP address on the firewall or a URL on the proxy.

Required permissions

Only users with the manageObservable permission can manage observables in TheHive.

Run responders on an observable

1. Locate the observable on which you want to run responders.

2. In the observable, select .

   

3. Select Responders.

4. In the Run actions on current observable drawer, select the responders you want to run.

5. Select Launch actions.

6. Select Confirm.

Review responder reports for an observable

1. Locate the observable on which you ran responders.

2. In the observable details, move through the Responder reports section to check the status of the executed responders.

   

Next steps

• Add an Observable
• Remove an Observable
• Update the Status of an Observable
• Edit Multiple Observables
• Pin an Observable
• Export Data from Observables
• Run Analyzers and Review Reports for an Observable
• Import Observables from Analyzer Reports
• Exclude an Observable from Similarity Checks