Run Responders and Review Reports for an Observable

manageObservable

Cortex responders execute actions on cases, alerts, observables, tasks, and task logs.

Run responders on an observable in TheHive to execute automated actions such as blocking an IP address on the firewall or a URL on the proxy.

Cortex responders execute actions on cases, alerts, observables, tasks, and task logs.

Run responders on an observable

1. Locate the observable on which you want to run responders.

2. In the observable, select .

   

3. Select Responders.

4. In the Run actions on current observable drawer, select the responders you want to run.

5. Select Launch actions.

6. Select Confirm.

Review responder reports for an observable

1. Locate the observable on which you ran responders.

2. In the observable details, move through the Responder reports section to check the status of the executed responders.

   

Next steps

• Add an Observable
• Delete an Observable
• Update the Status of an Observable
• Edit Multiple Observables
• Pin an Observable
• Export Data from Observables
• Run Analyzers and Review Reports for an Observable
• Import Observables from Analyzer Reports
• Exclude an Observable from Similarity Checks