Response Actions and Automations

Available to Admins only

Response Actions (also referred to as Response Automations) allow you to automatically execute custom Python code when investigations complete. This enables seamless integration with external systems and consistent, repeatable response workflows.

Response Actions are commonly used to:

  • Notify external systems

  • Trigger remediation workflows

  • Enrich tickets or records

  • Apply policy-driven actions at scale

How Response Automations Work

Execution Model

  • Trigger Events: Automations execute when an investigation reaches a completion state (success or error).

  • Sandboxed Environment: Code runs in an isolated container using Python 3.11.

  • Data Injection: Investigation context and stored secrets are injected automatically as Python dictionaries.

  • Result Capture: All output, errors, and execution status are logged for auditing and troubleshooting.
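The following is an added example, not code from the product or its documentation, of an action body that fits this execution model: it handles both completion states, signs an outbound notification with a stored secret, and redacts secret values from anything it prints, because all output is captured in the logs. The function signatures, the dictionary keys (`id`, `status`, `verdict`, `error`), the `WEBHOOK_SIGNING_KEY` secret name and the `X-Signature-SHA256` header are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical field and secret names: the platform's real key names are not
# given on this page, so adapt them to the dictionaries you actually receive.
COMPLETION_STATES = {"success", "error"}


def redact(text: str, secrets: dict) -> str:
    """Replace any secret value that appears in text before it is printed."""
    for value in secrets.values():
        if isinstance(value, str) and value:
            text = text.replace(value, "[REDACTED]")
    return text


def build_notification(investigation: dict, secrets: dict) -> dict:
    """Build an HMAC-signed webhook body for a completed investigation."""
    status = investigation.get("status")
    if status not in COMPLETION_STATES:
        raise ValueError(f"not a completion state: {status!r}")
    # On error, forward the error text rather than a verdict.
    summary_key = "error" if status == "error" else "verdict"
    payload = {"investigation_id": investigation.get("id"), "status": status,
               "summary": investigation.get(summary_key)}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    key = secrets["WEBHOOK_SIGNING_KEY"].encode()
    signature = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "headers": {"X-Signature-SHA256": signature}}


def run(investigation: dict, secrets: dict) -> dict:
    """Entry point: redact secrets from every message printed or returned."""
    try:
        request = build_notification(investigation, secrets)
        print(redact(f"prepared notification: {request['body']}", secrets))
        return {"ok": True, "request": request}
    except Exception as exc:  # captured output is logged, so redact it too
        message = redact(f"{type(exc).__name__}: {exc}", secrets)
        print(message)
        return {"ok": False, "error": message}


if __name__ == "__main__":
    # Constructed sample data standing in for the injected dictionaries.
    sample = {"id": "inv-0001", "status": "success", "verdict": "benign"}
    print(run(sample, {"WEBHOOK_SIGNING_KEY": "constructed-test-key"})["ok"])
```

The receiving system verifies the signature by recomputing the HMAC-SHA256 over the raw body with the shared key and comparing it in constant time.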

Want to learn more? Check out our Response Automation Best Practices Guide.
