Skip to content

How to Run Responders and Review Reports for an Observable#

This topic provides step-by-step instructions for running responders on an observable and reviewing responder reports in TheHive.

Responders execute actions on cases, alerts, observables, tasks, and task logs.

Run a responder on an observable to take actions such as blocking an IP address on the firewall or a URL on the proxy.

Required permissions

Only users with the manageObservable permission can manage observables in TheHive.

Run responders on an observable#

  1. Locate the observable on which you want to run responders.

  2. In the observable, select .

    Observable actions

  3. Select Responders.

  4. In the Run actions on current observable drawer, select the responders you want to run.

  5. Select Launch actions.

  6. Select Confirm.

Review responder reports for an observable#

  1. Locate the observable on which you ran responders.

  2. In the observable details, move through the Responder reports section to check the status of the executed responders.

    Responder reports

Next steps